diff options
| author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2004-06-25 11:04:04 +0000 |
|---|---|---|
| committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2004-06-25 11:04:04 +0000 |
| commit | 1d6369d7a35f1635dd2681c1952d5fc7b576a9ac (patch) | |
| tree | 91b56433a16a370e138293727f407078c982799f | |
| parent | f68cf455c24fc362024b3bd425497e7b6aa4753f (diff) | |
correct "scrub in" behavior for IPv6.
remaining TODO:
- "forward" case kernel behavior (IPv4 too), then pfctl syntax change
- red-black tree
| -rw-r--r-- | sys/net/pf.c | 7 | ||||
| -rw-r--r-- | sys/net/pf_norm.c | 6 |
2 files changed, 6 insertions, 7 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 9fdfbf36847..1f5a2f3cae5 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.455 2004/06/25 00:42:58 itojun Exp $ */ +/* $OpenBSD: pf.c,v 1.456 2004/06/25 11:04:03 itojun Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -6044,9 +6044,8 @@ done: m_freem(*m0); *m0 = NULL; - return (PF_PASS); - } else - break; + } + return (PF_PASS); case PF_OUT: if (frag) { diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 0386379fd99..1700e9c7b4f 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.91 2004/06/25 00:42:58 itojun Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.92 2004/06/25 11:04:03 itojun Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -1138,8 +1138,7 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kif *kif, * the fragment have already passed the * "scrub in". no need to go to reass code */ - terminal = 1; - break; + goto frag_scrub; } goto fragment; break; @@ -1223,6 +1222,7 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kif *kif, if (r->min_ttl && h->ip6_hlim < r->min_ttl) h->ip6_hlim = r->min_ttl; + frag_scrub: return (PF_PASS); fragment: |