author | Philipp Buehler <pb@cvs.openbsd.org> | 2002-06-07 22:53:46 +0000 |
---|---|---|
committer | Philipp Buehler <pb@cvs.openbsd.org> | 2002-06-07 22:53:46 +0000 |
commit | 8054398cb4c8dbeeb6b0876ca76083a4fbf64b02 (patch) | |
tree | abf3abfbb81546ebb1864fc323d0d041b7d0c0ac /sys | |
parent | 0e6e36db1460cfd12df1f2e2a905a6cf620d86c1 (diff) |
add the possibility to configure a TTL while return-rst
ok dhartmei@, ipv6 part itojun@ ok
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 18 | ||||
-rw-r--r-- | sys/net/pfvar.h | 4 |
2 files changed, 14 insertions, 8 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index fb387b1c790..5600ecf8000 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.218 2002/06/07 21:46:08 jasoni Exp $ */ +/* $OpenBSD: pf.c,v 1.219 2002/06/07 22:53:37 pb Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -205,7 +205,7 @@ void pf_change_icmp(struct pf_addr *, u_int16_t *, u_int16_t *, u_int16_t *, u_int16_t *, u_int16_t *, u_int8_t, int); void pf_send_reset(int, struct tcphdr *, - struct pf_pdesc *, int); + struct pf_pdesc *, int, u_int8_t); void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t, int); u_int16_t pf_map_port_range(struct pf_rdr *, u_int16_t); struct pf_nat *pf_get_nat(struct ifnet *, u_int8_t, @@ -2492,7 +2492,8 @@ pf_change_icmp(struct pf_addr *ia, u_int16_t *ip, struct pf_addr *oa, } void -pf_send_reset(int off, struct tcphdr *th, struct pf_pdesc *pd, int af) +pf_send_reset(int off, struct tcphdr *th, struct pf_pdesc *pd, int af, + u_int8_t return_ttl) { struct mbuf *m; struct m_tag *mtag; @@ -2591,7 +2592,9 @@ pf_send_reset(int off, struct tcphdr *th, struct pf_pdesc *pd, int af) /* Finish the IP header */ h2->ip_v = 4; h2->ip_hl = sizeof(*h2) >> 2; - h2->ip_ttl = ip_defttl; + if (!return_ttl) + return_ttl = ip_defttl; + h2->ip_ttl = return_ttl; h2->ip_sum = 0; h2->ip_len = len; h2->ip_off = ip_mtudisc ? IP_DF : 0; @@ -2605,7 +2608,9 @@ pf_send_reset(int off, struct tcphdr *th, struct pf_pdesc *pd, int af) sizeof(struct ip6_hdr), sizeof(*th)); h2_6->ip6_vfc |= IPV6_VERSION; - h2_6->ip6_hlim = 128; + if (!return_ttl) + return_ttl = IPV6_DEFHLIM; + h2_6->ip6_hlim = return_ttl; ip6_output(m, NULL, NULL, 0, NULL, NULL); #endif /* INET6 */ @@ -3151,7 +3156,8 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp, rewrite++; } if ((*rm)->rule_flag & PFRULE_RETURNRST) - pf_send_reset(off, th, pd, af); + pf_send_reset(off, th, pd, af, + (*rm)->return_ttl); else pf_send_icmp(m, (*rm)->return_icmp >> 8, (*rm)->return_icmp & 255, af); 
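Review bot: In the INET6 branch of pf_send_reset (hunk `@@ -2605,7 +2608,9 @@`) the fallback hop limit changes from the hard-coded 128 to `IPV6_DEFHLIM`, which the commit message does not mention. If the two values differ, every existing return-rst rule without a configured TTL starts sending resets with a different hop limit. The IPv4 branch (hunk `@@ -2591,7 +2592,9 @@`) falls back to the run-time variable `ip_defttl`, while the IPv6 branch uses a compile-time constant, so a tuned system default would presumably not apply to IPv6 resets. Consider `return_ttl = ip6_defhlim;` if that variable is visible in this file. The body of pf_send_reset starts and ends outside these hunks.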
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 9222f40c498..7fe4bd1e108 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.75 2002/06/07 21:25:35 dhartmei Exp $ */ +/* $OpenBSD: pfvar.h,v 1.76 2002/06/07 22:53:37 pb Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -269,11 +269,11 @@ struct pf_rule { u_int8_t flags; u_int8_t flagset; - u_int8_t rule_flag; u_int8_t min_ttl; u_int8_t allow_opts; u_int8_t rt; + u_int8_t return_ttl; }; #define PFRULE_RETURNRST 0x01 |
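Review bot: The new `return_ttl` member of struct pf_rule has no comment, yet pf.c in this commit treats 0 as "not configured" and also uses the same byte as the IPv6 hop limit. Suggest annotating the declaration, for example `u_int8_t return_ttl; /* TTL / hop limit for return-rst, 0 = stack default */`. The member changes the layout of struct pf_rule, so any consumer built against the old header (presumably the userland rule loader) has to be rebuilt in step with the kernel. The struct definition begins outside this hunk.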