diff options
| author | Camiel Dobbelaar <camield@cvs.openbsd.org> | 2003-02-18 08:05:16 +0000 |
|---|---|---|
| committer | Camiel Dobbelaar <camield@cvs.openbsd.org> | 2003-02-18 08:05:16 +0000 |
| commit | 30d28f51dfbabab6bcd3ca54b29c226c9531686f (patch) | |
| tree | 67923d91b2cfaf93a1cdc855931a277911747462 /sys | |
| parent | 283dd5415a502254ab5d77fff2bf66b37d2353c1 (diff) | |
Enforce min-ttl and random-id on inbound scrub as well as outbound.
ok dhartmei@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf_norm.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index f05ef514260..54e049520eb 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.54 2003/02/12 20:43:36 dhartmei Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.55 2003/02/18 08:05:15 camield Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -943,9 +943,6 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason) } no_fragment: - if (dir != PF_OUT) - return (PF_PASS); - /* At this point, only IP_DF is allowed in ip_off */ h->ip_off &= IP_DF; @@ -959,9 +956,6 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason) return (PF_PASS); fragment_pass: - if (dir != PF_OUT) - return (PF_PASS); - /* Enforce a minimum ttl, may cause endless packet loops */ if (r->min_ttl && h->ip_ttl < r->min_ttl) h->ip_ttl = r->min_ttl; |