From ec015c1082397d71c6112cd3e8de4dcaa97ae1c1 Mon Sep 17 00:00:00 2001
From: Stuart Henderson <sthen@cvs.openbsd.org>
Date: Thu, 25 Jun 2009 09:30:29 +0000
Subject: scrub_flags is a u_int8_t, but PFSTATE_SCRUB_TCP is 0x0100, so the
 "reassemble tcp" state option failed to work correctly. Increasing this to
 u_int16_t fixes kernel/6178. ok deraadt@ henning@

---
 sys/net/pf_norm.c |  6 +++---
 sys/net/pfvar.h   | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index fccd17e5365..d111ed5ecb3 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_norm.c,v 1.117 2009/04/07 13:26:23 henning Exp $ */
+/*	$OpenBSD: pf_norm.c,v 1.118 2009/06/25 09:30:28 sthen Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -113,7 +113,7 @@ void			 pf_free_fragment(struct pf_fragment *);
 struct pf_fragment	*pf_find_fragment(struct ip *, struct pf_frag_tree *);
 struct mbuf		*pf_reassemble(struct mbuf **, struct pf_fragment **,
 			    struct pf_frent *, int);
-void			 pf_scrub_ip(struct mbuf **, u_int8_t, u_int8_t,
+void			 pf_scrub_ip(struct mbuf **, u_int16_t, u_int8_t,
 			    u_int8_t);
 #ifdef INET6
 void			 pf_scrub_ip6(struct mbuf **, u_int8_t);
@@ -1373,7 +1373,7 @@ pf_normalize_mss(struct mbuf *m, int off, struct pf_pdesc *pd, u_int16_t maxmss)
 }
 
 void
-pf_scrub_ip(struct mbuf **m0, u_int8_t flags, u_int8_t min_ttl, u_int8_t tos)
+pf_scrub_ip(struct mbuf **m0, u_int16_t flags, u_int8_t min_ttl, u_int8_t tos)
 {
 	struct mbuf		*m = *m0;
 	struct ip		*h = mtod(m, struct ip *);
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 4bf74c75c94..d9e2ade4790 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.289 2009/06/08 02:39:15 henning Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.290 2009/06/25 09:30:28 sthen Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -504,8 +504,8 @@ struct pf_rule_actions {
 	u_int8_t	log;
 	u_int8_t	set_tos;
 	u_int8_t	min_ttl;
-	u_int8_t	flags;
-	u_int8_t	pad[2];
+	u_int8_t	pad[1];
+	u_int16_t	flags;
 };
 
 union pf_rule_ptr {
@@ -615,8 +615,8 @@ struct pf_rule {
 #define PF_FLUSH		0x01
 #define PF_FLUSH_GLOBAL		0x02
 	u_int8_t		 flush;
-	u_int8_t		 scrub_flags;
-	u_int8_t		 pad2[3];
+	u_int16_t		 scrub_flags;
+	u_int8_t		 pad2[2];
 
 	struct {
 		struct pf_addr		addr;
@@ -1715,7 +1715,7 @@ int	pf_normalize_tcp_stateful(struct mbuf *, int, struct pf_pdesc *,
 	    u_short *, struct tcphdr *, struct pf_state *,
 	    struct pf_state_peer *, struct pf_state_peer *, int *);
 int	pf_normalize_mss(struct mbuf *, int, struct pf_pdesc *, u_int16_t);
-void	pf_scrub_ip(struct mbuf **, u_int8_t, u_int8_t, u_int8_t);
+void	pf_scrub_ip(struct mbuf **, u_int16_t, u_int8_t, u_int8_t);
 void	pf_scrub_ip6(struct mbuf **, u_int8_t);
 u_int32_t
 	pf_state_expires(const struct pf_state *);
-- 
cgit v1.2.3