authorHenning Brauer <henning@cvs.openbsd.org>2002-10-07 12:59:56 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2002-10-07 12:59:56 +0000
commitd06dba9ad473b167b4612045b483d44682afd80d (patch)
treee3482e20a8d3ff56feee8b5329c5b1db65a51dcc /sys
parentb645be9b9e878ea84b8e1cff2de6be4795a17150 (diff)
use a new rule_flag PFRULE_RETURNICMP to decide whether to return-icmp or not
instead of just testing return_icmp > 0 ok dhartmei@
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c14
-rw-r--r--sys/net/pfvar.h4
2 files changed, 10 insertions, 8 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 783f211b40a..31821e7ffc2 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.248 2002/10/07 12:39:29 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.249 2002/10/07 12:59:54 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1736,7 +1736,7 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
if (((*rm)->action == PF_DROP) &&
(((*rm)->rule_flag & PFRULE_RETURNRST) ||
- (*rm)->return_icmp)) {
+ ((*rm)->rule_flag & PFRULE_RETURNICMP))) {
/* undo NAT/RST changes, if they have taken place */
if (nat != NULL ||
(binat != NULL && direction == PF_OUT)) {
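Review bot: The reply path is now gated on two fields that nothing in these hunks ties together: the outer test here and in the first pf_test_udp hunk checks `rule_flag & PFRULE_RETURNICMP`, while the actual send in the following pf_test_tcp hunk and the second pf_test_udp hunk still checks `return_icmp`. A rule with the flag set and `return_icmp == 0` undoes the NAT rewrite and then sends nothing, and a rule with `return_icmp` set but no flag (for example one built by userland that predates the flag, if such a rule can reach this code) becomes a silent drop; both cases fail closed, but the rule no longer behaves as written. The rule-load path is outside this diff, so it is worth confirming that it rejects or normalises a mismatch between the two fields. A comment above the inner test, such as `/* PFRULE_RETURNICMP without return_icmp: nothing to send, packet is still dropped */`, would record the intent; pf_test_tcp and pf_test_udp both start and end outside these hunks.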
@@ -1752,7 +1752,7 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
if ((*rm)->rule_flag & PFRULE_RETURNRST)
pf_send_reset(off, th, pd, af,
(*rm)->return_ttl);
- else
+ else if ((*rm)->return_icmp)
pf_send_icmp(m, (*rm)->return_icmp >> 8,
(*rm)->return_icmp & 255, af);
}
@@ -1996,7 +1996,8 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
PFLOG_PACKET(ifp, h, m, af, direction, reason, *rm);
}
- if (((*rm)->action == PF_DROP) && (*rm)->return_icmp) {
+ if (((*rm)->action == PF_DROP) &&
+ ((*rm)->rule_flag & PFRULE_RETURNICMP)) {
/* undo NAT/RST changes, if they have taken place */
if (nat != NULL ||
(binat != NULL && direction == PF_OUT)) {
@@ -2009,8 +2010,9 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
&uh->uh_sum, &baddr, bport, 1, af);
rewrite++;
}
- pf_send_icmp(m, (*rm)->return_icmp >> 8,
- (*rm)->return_icmp & 255, af);
+ if ((*rm)->return_icmp)
+ pf_send_icmp(m, (*rm)->return_icmp >> 8,
+ (*rm)->return_icmp & 255, af);
}
if ((*rm)->action == PF_DROP)
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 62b5c342f40..35cad1f60fc 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.91 2002/10/07 12:39:29 dhartmei Exp $ */
+/* $OpenBSD: pfvar.h,v 1.92 2002/10/07 12:59:54 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -282,7 +282,7 @@ struct pf_rule {
#define PFRULE_RETURNRST 0x01
#define PFRULE_NODF 0x02
#define PFRULE_FRAGMENT 0x04
-
+#define PFRULE_RETURNICMP 0x08
#define PFRULE_FRAGCROP 0x10 /* non-buffering frag cache */
#define PFRULE_FRAGDROP 0x20 /* drop funny fragments */