author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2007-11-16 14:03:38 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2007-11-16 14:03:38 +0000 |
commit | cb29efa11eb08a664a2778f08ab11bde94de83fa (patch) | |
tree | 816230db2bc18e5bb3893e0bfd14f9e03116783c /sys | |
parent | 74a1228b15a3c4f448f3b418b5fe7ad68c00f899 (diff) |
in pf_test_fragment(), ignore protocol-specific criteria for packets of
different protocols. from Max Laier. ok markus@, henning@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 9d935d03e32..c6893c73b91 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.562 2007/11/11 23:58:43 pascoe Exp $ */
+/* $OpenBSD: pf.c,v 1.563 2007/11/16 14:03:37 dhartmei Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -3563,9 +3563,17 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct pfi_kif *kif,
 r = r->skip[PF_SKIP_DST_ADDR].ptr;
 else if (r->tos && !(r->tos == pd->tos))
 r = TAILQ_NEXT(r, entries);
- else if (r->src.port_op || r->dst.port_op ||
- r->flagset || r->type || r->code ||
- r->os_fingerprint != PF_OSFP_ANY)
+ else if (r->os_fingerprint != PF_OSFP_ANY)
+ r = TAILQ_NEXT(r, entries);
+ else if (pd->proto == IPPROTO_UDP &&
+ (r->src.port_op || r->dst.port_op))
+ r = TAILQ_NEXT(r, entries);
+ else if (pd->proto == IPPROTO_TCP &&
+ (r->src.port_op || r->dst.port_op || r->flagset))
+ r = TAILQ_NEXT(r, entries);
+ else if ((pd->proto == IPPROTO_ICMP ||
+ pd->proto == IPPROTO_ICMPV6) &&
+ (r->type || r->code))
 r = TAILQ_NEXT(r, entries);
 else if (r->prob && r->prob <= (arc4random() % (UINT_MAX - 1) + 1)) |
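Review bot: The three protocol-gated branches added to pf_test_fragment() have no comment explaining why a rule's port, flag or ICMP type/code criteria cause a skip only when `pd->proto` is the protocol they belong to, and are ignored otherwise. I would put `/* transport criteria cannot be checked on a fragment: skip the rule if they apply to pd->proto, ignore them if they belong to another protocol */` above the `pd->proto == IPPROTO_UDP` test. The "ignore" half widens what can match: a rule with `port_op`, `type` or `code` set is now eligible for fragments of any other protocol. That is only safe if an `r->proto` comparison, presumably earlier in this else-if chain and outside the hunk, has already rejected rules bound to a different protocol. It is worth confirming that a rule loaded with port or ICMP criteria but no protocol cannot reach this point, since such a fragment would then be matched on the remaining criteria alone; the function body starts and ends outside the hunk.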