diff options
| author | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2012-05-12 13:08:49 +0000 |
|---|---|---|
| committer | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2012-05-12 13:08:49 +0000 |
| commit | 3710fda88171027596e7116ae79b9a2bf69ce1dc (patch) | |
| tree | 8c5e3f4a11932173504ee80d4d54d06665ba80f7 /sys/net | |
| parent | 4df681091f63c476cdd0ffb3d621f39480efbbe2 (diff) | |
Ignore/preserve ECN bits on ToS matching and scrubbing.
The lower 2 bits of the tos-header are used for ECN.
(http://tools.ietf.org/html/rfc2474#section-3)
OK henning@, haesbaert@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf.c | 4 | ||||
| -rw-r--r-- | sys/net/pf_norm.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 69cf407522d..9dc8646b6b5 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.804 2012/04/11 13:29:14 naddy Exp $ */ +/* $OpenBSD: pf.c,v 1.805 2012/05/12 13:08:48 mpf Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -6462,7 +6462,7 @@ pf_setup_pdesc(struct pf_pdesc *pd, void *pdhdrs, sa_family_t af, int dir, pd->dst = (struct pf_addr *)&h->ip_dst; pd->virtual_proto = pd->proto = h->ip_p; pd->tot_len = ntohs(h->ip_len); - pd->tos = h->ip_tos; + pd->tos = h->ip_tos & ~IPTOS_ECN_MASK; pd->rdomain = rtable_l2(pd->m->m_pkthdr.rdomain); pd->ttl = h->ip_ttl; if (h->ip_hl > 5) /* has options */ diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 4e305397926..45e0db4b6a5 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.153 2012/02/03 01:57:51 bluhm Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.154 2012/05/12 13:08:48 mpf Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -1466,7 +1466,7 @@ pf_scrub(struct mbuf *m, u_int16_t flags, sa_family_t af, u_int8_t min_ttl, /* Enforce tos */ if (flags & PFSTATE_SETTOS) { if (af == AF_INET) - h->ip_tos = tos; + h->ip_tos = tos | (h->ip_tos & IPTOS_ECN_MASK); #ifdef INET6 if (af == AF_INET6) { /* drugs are unable to explain such idiocy */ |