author | Henning Brauer <henning@cvs.openbsd.org> | 2011-04-04 14:14:54 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2011-04-04 14:14:54 +0000 |
commit | aabbe2fa8d6e52ed6603d959dd1c9411236cdcc5 (patch) | |
tree | 70883a0f5d65ed181abc821aa26a0b4dd7aef62b /sys/net | |
parent | cfa4ccb854c4c0485f159f340d7547dabee37de1 (diff) |
stop fiddling with the ip checksum here too, it is always recalculated
in all output paths anyway.
even worse than in the rest of pf, here we ran circles to update the ip
cksum every time we flip a tiny bit in the header...
pretty sure dlg claudio ok'd it and it is damn obvious anyway
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pf_norm.c | 41 |
1 files changed, 7 insertions, 34 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index a04d1bfbb59..ac65abc4766 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.130 2011/03/24 20:09:44 bluhm Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.131 2011/04/04 14:14:53 henning Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -756,12 +756,8 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, goto drop; /* Clear IP_DF if we're in no-df mode */ - if (pf_status.reass & PF_REASS_NODF && h->ip_off & htons(IP_DF)) { - u_int16_t ip_off = h->ip_off; - + if (pf_status.reass & PF_REASS_NODF && h->ip_off & htons(IP_DF)) h->ip_off &= htons(~IP_DF); - h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_off, h->ip_off, 0); - } /* We will need other tests here */ if (!fragoff && !mff) @@ -788,12 +784,8 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, no_fragment: /* At this point, only IP_DF is allowed in ip_off */ - if (h->ip_off & ~htons(IP_DF)) { - u_int16_t ip_off = h->ip_off; - + if (h->ip_off & ~htons(IP_DF)) h->ip_off &= htons(IP_DF); - h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_off, h->ip_off, 0); - } pd->flags |= PFDESC_IP_REAS; return (PF_PASS); 
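Review bot: Both rewrites of h->ip_off in pf_normalize_ip (the no-df clear at -756 and the mask under no_fragment at -788) now leave h->ip_sum stale, and nothing in the new code says this is intentional. The same holds for the four rewrites in the pf_scrub_ip hunk at -1562 (ip_off, ip_ttl, ip_tos, ip_id). Correctness now rests on the invariant from the commit message, that every output path recalculates the IP checksum, which cannot be confirmed from these hunks. If any path hands the mbuf on without recomputing it, or re-validates the header after pf has run, the packet would be dropped as corrupt. I would add a comment at each site, or once in each function's header, such as `/* ip_sum is deliberately not adjusted; the output path recalculates it */`, so a later caller does not assume the header checksum is still valid. Both function bodies extend beyond the hunks shown.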
@@ -1562,39 +1554,20 @@ pf_scrub_ip(struct mbuf **m0, u_int16_t flags, u_int8_t min_ttl, u_int8_t tos) struct ip *h = mtod(m, struct ip *); /* Clear IP_DF if no-df was requested */ - if (flags & PFSTATE_NODF && h->ip_off & htons(IP_DF)) { - u_int16_t ip_off = h->ip_off; - + if (flags & PFSTATE_NODF && h->ip_off & htons(IP_DF)) h->ip_off &= htons(~IP_DF); - h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_off, h->ip_off, 0); - } /* Enforce a minimum ttl, may cause endless packet loops */ - if (min_ttl && h->ip_ttl < min_ttl) { - u_int16_t ip_ttl = h->ip_ttl; - + if (min_ttl && h->ip_ttl < min_ttl) h->ip_ttl = min_ttl; - h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_ttl, h->ip_ttl, 0); - } /* Enforce tos */ - if (flags & PFSTATE_SETTOS) { - u_int16_t ov, nv; - - ov = *(u_int16_t *)h; + if (flags & PFSTATE_SETTOS) h->ip_tos = tos; - nv = *(u_int16_t *)h; - - h->ip_sum = pf_cksum_fixup(h->ip_sum, ov, nv, 0); - } /* random-id, but not for fragments */ - if (flags & PFSTATE_RANDOMID && !(h->ip_off & ~htons(IP_DF))) { - u_int16_t ip_id = h->ip_id; - + if (flags & PFSTATE_RANDOMID && !(h->ip_off & ~htons(IP_DF))) h->ip_id = htons(ip_randomid()); - h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_id, h->ip_id, 0); - } } #ifdef INET6 |