diff options
| author | Lawrence Teo <lteo@cvs.openbsd.org> | 2013-10-22 15:35:58 +0000 |
|---|---|---|
| committer | Lawrence Teo <lteo@cvs.openbsd.org> | 2013-10-22 15:35:58 +0000 |
| commit | 7cd13d6bc11d4be6ed506fe23f8209f1f6edf0a9 (patch) | |
| tree | ec70aa197fb1fb631c8e7255ea7e0df6afacc128 /sys | |
| parent | ff0f4c2f166a365b6c3aba955485de8370439e37 (diff) | |
In pf_test_state_icmp(), actually copy pd->hdr.any back into the mbuf as
intended after the ICMP/ICMPv6 checksum is zeroed in pf_cksum(). This
resolves an issue found by sthen@ where ICMP traffic with nat-to failed
due to incorrect checksums.
Fix tested by sthen@ and myself
OK henning@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index c440a485bde..9c5ca4257c9 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.849 2013/10/21 09:39:23 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.850 2013/10/22 15:35:57 lteo Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5325,8 +5325,10 @@ pf_test_state_icmp(struct pf_pdesc *pd, struct pf_state **state, } } } - if (copyback) + if (copyback) { pf_cksum(pd, pd->m); + m_copyback(pd->m, pd->off, pd->hdrlen, pd->hdr.any, M_NOWAIT); + } return (PF_PASS); } |