diff options
| author | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2015-12-03 21:11:55 +0000 |
|---|---|---|
| committer | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2015-12-03 21:11:55 +0000 |
| commit | a9c1ebbf0861392583f5cd5ee7fe259fbf261e52 (patch) | |
| tree | 0fd7b59251c450f677a61f1dd940e05f02897c5c /sys/netinet/ip_icmp.c | |
| parent | 3389f73d3859bdb82aa4f339dee4f72c34852e88 (diff) | |
ip_send()/ip6_send() allow PF to send response packet in ipsoftnet task.
this avoids current recursion to pf_test() function. the change also
switches icmp_error()/icmp6_error() to use ip_send()/ip6_send() so
they are safe for PF.
The idea comes from Markus Friedl. bluhm, mikeb and mpi helped me
a lot to get it into shape.
OK bluhm@, mpi@
Diffstat (limited to 'sys/netinet/ip_icmp.c')
| -rw-r--r-- | sys/netinet/ip_icmp.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index eb5b3a9a4e0..f0b2d14f08d 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_icmp.c,v 1.149 2015/12/02 16:35:53 bluhm Exp $ */ +/* $OpenBSD: ip_icmp.c,v 1.150 2015/12/03 21:11:53 sashan Exp $ */ /* $NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $ */ /* @@ -854,7 +854,10 @@ icmp_send(struct mbuf *m, struct mbuf *opts) printf("icmp_send dst %s src %s\n", dst, src); } #endif - ip_output(m, opts, NULL, 0, NULL, NULL, 0); + if (opts != NULL) + m = ip_insertoptions(m, opts, &hlen); + + ip_send(m); } u_int32_t |