author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2011-06-21 08:59:48 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2011-06-21 08:59:48 +0000 |
commit | 21a25a80522b5610f1a4255fb90dd52f4eee21ef (patch) | |
tree | 30cd8a8f53d6b4958155f6b015f54762b4bbb7b4 /sys | |
parent | 45e3192a8b259dc5b7bd5ec4d3a389cecf142e2c (diff) |
There is no need to handle fragmented TCP reset packets in a special
way. Remove PFDESC_IP_REAS and pf_pdesc flags completely.
ok claudio@ henning@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 9 | ||||
-rw-r--r-- | sys/net/pf_norm.c | 10 | ||||
-rw-r--r-- | sys/net/pfvar.h | 8 |
3 files changed, 10 insertions, 17 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 2409a3ac74f..f5de29e2149 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.749 2011/06/20 19:03:41 claudio Exp $ */
+/* $OpenBSD: pf.c,v 1.750 2011/06/21 08:59:47 bluhm Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -3617,8 +3617,7 @@ pf_tcp_track_full(struct pf_state_peer *src, struct pf_state_peer *dst,
 (ackskew <= (MAXACKWINDOW << sws)) &&
 /* Acking not more than one window forward */
 ((th->th_flags & TH_RST) == 0 || orig_seq == src->seqlo ||
- (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo) ||
- (pd->flags & PFDESC_IP_REAS) == 0)) {
+ (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo))) {
 /* Require an exact/+1 sequence match on resets when possible */
 if (dst->scrub || src->scrub) {
@@ -5531,7 +5530,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0,
 return (-1);
 }
 /* packet reassembly */
- if (pf_normalize_ip(m0, dir, reason, pd) != PF_PASS) {
+ if (pf_normalize_ip(m0, dir, reason) != PF_PASS) {
 *action = PF_DROP;
 return (-1);
 }
@@ -5607,7 +5606,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0,
 /* packet reassembly */
 if (pf_status.reass &&
- pf_normalize_ip6(m0, dir, reason, pd) != PF_PASS) {
+ pf_normalize_ip6(m0, dir, reason) != PF_PASS) {
 *action = PF_DROP;
 return (-1);
 }
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index fd4f5b578cc..61761f0f37b 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.134 2011/06/20 19:03:41 claudio Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.135 2011/06/21 08:59:47 bluhm Exp $ */
 /*
 * Copyright 2001 Niels Provos <provos@citi.umich.edu>
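Review bot: The context comment in the pf_tcp_track_full hunk of sys/net/pf.c, `/* Require an exact/+1 sequence match on resets when possible */`, no longer describes the condition above it. With the `PFDESC_IP_REAS` clause removed, a segment carrying TH_RST only enters this branch when `orig_seq` equals `src->seqlo`, `src->seqlo + 1` or `src->seqlo - 1`, so "when possible" is stale and the -1 case is not mentioned. I would change it to `/* Resets require an exact or +/-1 sequence match */`, so the comment states the check a reader relies on when reasoning about forged resets. The function body starts and ends outside the hunk, so how a reset that fails this test is handled afterwards cannot be seen from here.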
@@ -739,8 +739,7 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, int dir)
 #endif /* INET6 */
 int
-pf_normalize_ip(struct mbuf **m0, int dir, u_short *reason,
- struct pf_pdesc *pd)
+pf_normalize_ip(struct mbuf **m0, int dir, u_short *reason)
 {
 struct mbuf *m = *m0;
 struct ip *h = mtod(m, struct ip *);
@@ -779,14 +778,12 @@ pf_normalize_ip(struct mbuf **m0, int dir, u_short *reason,
 if (h->ip_off & ~htons(IP_DF))
 h->ip_off &= htons(IP_DF);
- pd->flags |= PFDESC_IP_REAS;
 return (PF_PASS);
 }
 #ifdef INET6
 int
-pf_normalize_ip6(struct mbuf **m0, int dir, u_short *reason,
- struct pf_pdesc *pd)
+pf_normalize_ip6(struct mbuf **m0, int dir, u_short *reason)
 {
 struct mbuf *m = *m0;
 struct ip6_hdr *h = mtod(m, struct ip6_hdr *);
@@ -911,7 +908,6 @@ pf_normalize_ip6(struct mbuf **m0, int dir, u_short *reason,
 if (m == NULL)
 return (PF_PASS);
- pd->flags |= PFDESC_IP_REAS;
 return (PF_PASS);
 shortpkt:
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 3800a598bb4..21f15837f75 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.333 2011/06/20 19:03:41 claudio Exp $ */
+/* $OpenBSD: pfvar.h,v 1.334 2011/06/21 08:59:47 bluhm Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1221,8 +1221,6 @@ struct pf_pdesc {
 u_int16_t *proto_sum;
 u_int16_t rdomain; /* original routing domain */
- u_int16_t flags;
-#define PFDESC_IP_REAS 0x0002 /* IP frags would've been reassembled */
 sa_family_t af;
 u_int8_t proto;
 u_int8_t tos;
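Review bot: In sys/net/pf_norm.c, pf_normalize_ip() and pf_normalize_ip6() take their new three-argument form without any comment stating what a PF_PASS return guarantees about the packet. The pf_normalize_ip6 hunk shows `if (m == NULL) return (PF_PASS);`, so PF_PASS can apparently be returned with no mbuf left to inspect; the assignment that makes `m` NULL, and whether `*m0` is cleared with it, lies outside the hunk. I would add a comment above each definition along the lines of `/* PF_PASS does not imply a packet: callers must check *m0 for NULL before use. */`, once the `*m0` behaviour is confirmed against the full function. Both function bodies continue outside the hunks shown.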
@@ -1777,8 +1775,8 @@ int pf_match_gid(u_int8_t, gid_t, gid_t, gid_t);
 int pf_refragment6(struct mbuf **, struct m_tag *mtag, int);
 void pf_normalize_init(void);
-int pf_normalize_ip(struct mbuf **, int, u_short *, struct pf_pdesc *);
-int pf_normalize_ip6(struct mbuf **, int, u_short *, struct pf_pdesc *);
+int pf_normalize_ip(struct mbuf **, int, u_short *);
+int pf_normalize_ip6(struct mbuf **, int, u_short *);
 int pf_normalize_tcp(int, struct mbuf *, int, struct pf_pdesc *);
 void pf_normalize_tcp_cleanup(struct pf_state *);
 int pf_normalize_tcp_init(struct mbuf *, int, struct pf_pdesc *, |