summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2002-07-10 22:17:59 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2002-07-10 22:17:59 +0000
commite74439ee98c4cc7caf1ed8a059e01977ba8a4036 (patch)
tree847916d864bbde177df720fe9bfa5cade0a231c9
parent6b21b1cf010b3a7755b13b895bf5d2a09393a005 (diff)
let IPv6 fragment go through based on normal rulesets.
TODO: sort-of normalization against fragments for inspection ok dhartmei@
-rw-r--r--sys/net/pf.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index b7c1ddba665..2c215464ee9 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.235 2002/06/14 21:35:00 todd Exp $ */
+/* $OpenBSD: pf.c,v 1.236 2002/07/10 22:17:58 itojun Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -3194,7 +3194,10 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
do {
switch (pd2.proto) {
case IPPROTO_FRAGMENT:
- /* XXX we don't handle fagments yet */
+ /*
+ * ICMPv6 error messages for
+ * non-first fragments
+ */
return (PF_DROP);
case IPPROTO_AH:
case IPPROTO_HOPOPTS:
@@ -4094,9 +4097,9 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
do {
switch (pd.proto) {
case IPPROTO_FRAGMENT:
- /* XXX we don't handle fragments yet */
- action = PF_DROP;
- REASON_SET(&reason, PFRES_FRAG);
+ action = pf_test_fragment(&r, dir, ifp, m, h, &pd);
+ if (action == PF_DROP)
+ REASON_SET(&reason, PFRES_FRAG);
goto done;
case IPPROTO_AH:
case IPPROTO_HOPOPTS: