diff options
| author | David Krause <david@cvs.openbsd.org> | 2009-04-16 04:40:20 +0000 |
|---|---|---|
| committer | David Krause <david@cvs.openbsd.org> | 2009-04-16 04:40:20 +0000 |
| commit | c4bfdcfea3eb82fe4452e84783f8cec99b74a436 (patch) | |
| tree | 897ebdb7ee29a9ace7b6b62b96dd703a0791f830 /sbin | |
| parent | 1ff74c3375d0fd7c55eb9b12c57d1b83d0ce49f1 (diff) | |
Really turn fragment reassembly on by default. pfctl must handle this
since the DIOCSETREASS ioctl is called on every ruleset load and was
overriding the initial setting in pfattach(). Fix setting of the global
no-df bitmask as well.
ok henning@
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/pfctl/pfctl.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index ff03a04d02d..c74895afb2c 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.281 2009/04/06 12:05:55 henning Exp $ */ +/* $OpenBSD: pfctl.c,v 1.282 2009/04/16 04:40:19 david Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1546,6 +1546,7 @@ pfctl_init_options(struct pfctl *pf) pf->limit[PF_LIMIT_TABLE_ENTRIES] = PFR_KENTRY_HIWAT_SMALL; pf->debug = PF_DEBUG_URGENT; + pf->reassemble = PF_REASS_ENABLED; } int @@ -1705,7 +1706,9 @@ pfctl_set_reassembly(struct pfctl *pf, int on, int nodf) if (on) { pf->reassemble = PF_REASS_ENABLED; if (nodf) - pf->reassemble &= PF_REASS_NODF; + pf->reassemble |= PF_REASS_NODF; + } else { + pf->reassemble = 0; } if (pf->opts & PF_OPT_VERBOSE) |