authorPhilipp Buehler <pb@cvs.openbsd.org>2002-06-07 22:53:46 +0000
committerPhilipp Buehler <pb@cvs.openbsd.org>2002-06-07 22:53:46 +0000
commit8054398cb4c8dbeeb6b0876ca76083a4fbf64b02 (patch)
treeabf3abfbb81546ebb1864fc323d0d041b7d0c0ac /sys
parent0e6e36db1460cfd12df1f2e2a905a6cf620d86c1 (diff)
add the possibility to configure a TTL while return-rst
ok dhartmei@, ipv6 part itojun@ ok
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c18
-rw-r--r--sys/net/pfvar.h4
2 files changed, 14 insertions, 8 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index fb387b1c790..5600ecf8000 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.218 2002/06/07 21:46:08 jasoni Exp $ */
+/* $OpenBSD: pf.c,v 1.219 2002/06/07 22:53:37 pb Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -205,7 +205,7 @@ void pf_change_icmp(struct pf_addr *, u_int16_t *,
u_int16_t *, u_int16_t *, u_int16_t *,
u_int16_t *, u_int8_t, int);
void pf_send_reset(int, struct tcphdr *,
- struct pf_pdesc *, int);
+ struct pf_pdesc *, int, u_int8_t);
void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t, int);
u_int16_t pf_map_port_range(struct pf_rdr *, u_int16_t);
struct pf_nat *pf_get_nat(struct ifnet *, u_int8_t,
@@ -2492,7 +2492,8 @@ pf_change_icmp(struct pf_addr *ia, u_int16_t *ip, struct pf_addr *oa,
}
void
-pf_send_reset(int off, struct tcphdr *th, struct pf_pdesc *pd, int af)
+pf_send_reset(int off, struct tcphdr *th, struct pf_pdesc *pd, int af,
+ u_int8_t return_ttl)
{
struct mbuf *m;
struct m_tag *mtag;
@@ -2591,7 +2592,9 @@ pf_send_reset(int off, struct tcphdr *th, struct pf_pdesc *pd, int af)
/* Finish the IP header */
h2->ip_v = 4;
h2->ip_hl = sizeof(*h2) >> 2;
- h2->ip_ttl = ip_defttl;
+ if (!return_ttl)
+ return_ttl = ip_defttl;
+ h2->ip_ttl = return_ttl;
h2->ip_sum = 0;
h2->ip_len = len;
h2->ip_off = ip_mtudisc ? IP_DF : 0;
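Review bot: The meaning of a zero `return_ttl` is only implicit in `if (!return_ttl)`: zero is treated as "not configured" and replaced by `ip_defttl`, so a rule can never request a TTL of 0, and the same convention is repeated in the IPv6 branch of the next hunk. A short comment above the test would make that contract visible, e.g. `/* return_ttl == 0: no TTL configured on the rule, use the system default */`. The test also overwrites the parameter; assigning directly with `h2->ip_ttl = return_ttl ? return_ttl : ip_defttl;` would leave the caller's value intact for the rest of the function. pf_send_reset's body starts and ends outside this hunk.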
@@ -2605,7 +2608,9 @@ pf_send_reset(int off, struct tcphdr *th, struct pf_pdesc *pd, int af)
sizeof(struct ip6_hdr), sizeof(*th));
h2_6->ip6_vfc |= IPV6_VERSION;
- h2_6->ip6_hlim = 128;
+ if (!return_ttl)
+ return_ttl = IPV6_DEFHLIM;
+ h2_6->ip6_hlim = return_ttl;
ip6_output(m, NULL, NULL, 0, NULL, NULL);
#endif /* INET6 */
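Review bot: The IPv6 fallback changes the hop limit of an unconfigured return-rst from the previous literal 128 to `IPV6_DEFHLIM`, which the commit message does not mention, so resets generated by existing rule sets may leave with a different hop limit after this change. The IPv4 branch falls back to the run-time variable `ip_defttl`, while this branch uses a compile-time constant; if the IPv6 stack's run-time default (`ip6_defhlim`, assuming it is declared for this file) is the intended counterpart, `return_ttl = ip6_defhlim;` would keep the two address families consistent. A comment or a line in the commit message recording the new default would help anyone comparing packet captures across the upgrade. The enclosing function continues outside the hunk.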
@@ -3151,7 +3156,8 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
rewrite++;
}
if ((*rm)->rule_flag & PFRULE_RETURNRST)
- pf_send_reset(off, th, pd, af);
+ pf_send_reset(off, th, pd, af,
+ (*rm)->return_ttl);
else
pf_send_icmp(m, (*rm)->return_icmp >> 8,
(*rm)->return_icmp & 255, af);
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 9222f40c498..7fe4bd1e108 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.75 2002/06/07 21:25:35 dhartmei Exp $ */
+/* $OpenBSD: pfvar.h,v 1.76 2002/06/07 22:53:37 pb Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -269,11 +269,11 @@ struct pf_rule {
u_int8_t flags;
u_int8_t flagset;
-
u_int8_t rule_flag;
u_int8_t min_ttl;
u_int8_t allow_opts;
u_int8_t rt;
+ u_int8_t return_ttl;
};
#define PFRULE_RETURNRST 0x01
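Review bot: The new `return_ttl` member carries no comment, and its zero-means-default convention can only be found by reading pf_send_reset; `u_int8_t return_ttl; /* TTL/hop limit for return-rst, 0 = system default */` would document it at the declaration. Appending a member also changes the layout of `struct pf_rule`; if this struct is exchanged with userland (the diffstat is limited to sys, so that side is not visible here), the kernel and the rule-loading tool have to be rebuilt together, and a rule filled in by an older binary may leave the field uninitialised. The struct definition starts outside this hunk.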