summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorMike Belopuhov <mikeb@cvs.openbsd.org>2011-12-21 14:46:25 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2011-12-21 14:46:25 +0000
commit4ae782c044dcf69d553cdace686f2817ab0d0bb6 (patch)
tree630e81badeb9b1eea239b095dc3d7f46b6c17f5d /sys
parent75187de78449d27da89d2e80cd0b4fa7e794e641 (diff)
don't attempt to run pf_translate on fragments: it will fail miserably.
also don't do af translation if pf_translate didn't succeed. ok henning
Diffstat (limited to 'sys')
-rw-r--r--sys/net/if_pflog.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c
index 3ea408aa6d4..ef6cecc94e0 100644
--- a/sys/net/if_pflog.c
+++ b/sys/net/if_pflog.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pflog.c,v 1.45 2011/10/21 15:45:55 mikeb Exp $ */
+/* $OpenBSD: if_pflog.c,v 1.46 2011/12/21 14:46:24 mikeb Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -404,7 +404,8 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len)
if (pd.dport)
odport = *pd.dport;
- if ((pfloghdr->rewritten = pf_translate(&pd, &pfloghdr->saddr,
+ if (pd.virtual_proto != PF_VPROTO_FRAGMENT &&
+ (pfloghdr->rewritten = pf_translate(&pd, &pfloghdr->saddr,
pfloghdr->sport, &pfloghdr->daddr, pfloghdr->dport, 0,
pfloghdr->dir))) {
m_copyback(pd.m, pd.off, min(pd.m->m_len - pd.off, pd.hdrlen),
@@ -422,7 +423,7 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len)
pd.tot_len = min(pd.tot_len, len);
pd.tot_len -= pd.m->m_data - pd.m->m_pktdat;
- if (afto)
+ if (afto && pfloghdr->rewritten)
pf_translate_af(&pd);
mlen = min(pd.m->m_pkthdr.len, len);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-30 01:21:30 +0000