diff options
| author | Philipp Buehler <pb@cvs.openbsd.org> | 2002-06-09 10:52:39 +0000 |
|---|---|---|
| committer | Philipp Buehler <pb@cvs.openbsd.org> | 2002-06-09 10:52:39 +0000 |
| commit | 681261905b8d3723af2d0cec4727bb2878f0d147 (patch) | |
| tree | 7652bb94cc411fdd5104f1a287c4ad87031f219f | |
| parent | e01b9f346d76229fd7eac2babb27fb85ff518e24 (diff) | |
reapply patch from jasoni@ for pf_route[6]
| -rw-r--r-- | sys/net/pf.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 086f8d0db8e..ca5ff7757ed 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.225 2002/06/09 08:53:08 pb Exp $ */ +/* $OpenBSD: pf.c,v 1.226 2002/06/09 10:52:38 pb Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3689,9 +3689,13 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir) * Must be able to put at least 8 bytes per fragment. */ if (ip->ip_off & IP_DF) { - error = EMSGSIZE; ipstat.ips_cantfrag++; - goto bad; + if (r->rt != PF_DUPTO) { + icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0, + ifp); + goto done; + } else + goto bad; } m1 = m0; @@ -3794,15 +3798,16 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir) } /* - * Do not fragment packets (yet). Not much is done here for dealing - * with errors. Actions on errors depend on whether the packet - * was generated locally or being forwarded. + * If the packet is too large for the outgoing interface, + * send back an icmp6 error. */ if (m0->m_pkthdr.len <= ifp->if_mtu) { error = (*ifp->if_output)(ifp, m0, (struct sockaddr *)dst, NULL); - } else - m_freem(m0); + } else if (r->rt != PF_DUPTO) + icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu); + else + goto bad; done: if (r->rt != PF_DUPTO) |