diff options
| -rw-r--r-- | sys/net/pf.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 81c3ca3eab1..9b9b0b3cd2c 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.640 2009/04/06 12:05:55 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.641 2009/04/11 23:42:05 jsing Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5549,6 +5549,15 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, break; } +#ifdef INET6 + case IPPROTO_ICMPV6: { + action = PF_DROP; + DPFPRINTF(PF_DEBUG_MISC, + ("pf: dropping IPv4 packet with ICMPv6 payload\n")); + goto done; + } +#endif + default: action = pf_test_state_other(&s, dir, kif, m, &pd); if (action == PF_PASS) { @@ -5920,6 +5929,13 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, break; } + case IPPROTO_ICMP: { + action = PF_DROP; + DPFPRINTF(PF_DEBUG_MISC, + ("pf: dropping IPv6 packet with ICMPv4 payload\n")); + goto done; + } + case IPPROTO_ICMPV6: { union { struct icmp6_hdr icmp6; |