From d7162c24a6515826264df81bd471658b760a986e Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Fri, 29 Jun 2001 18:36:18 +0000 Subject: move pf_test check to happen after checksum calculation - without this packets originating from this host (such as with an rdr to localhost for transparent proxying) do not get checksummed correctly, because the pf code does not have a correct checksum to fix up (ok kjell@) --- sys/netinet/ip_output.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) (limited to 'sys') diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 42a69af4bee..d089d2d71c9 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.131 2001/06/28 21:53:42 provos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.132 2001/06/29 18:36:17 beck Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -638,18 +638,6 @@ sendit: } #endif /* IPSEC */ - /* - * Packet filter - */ -#if NPF > 0 - if (pf_test(PF_OUT, ifp, &m) != PF_PASS) { - error = EHOSTUNREACH; - m_freem(m); - goto done; - } - ip = mtod(m, struct ip *); - hlen = ip->ip_hl << 2; -#endif /* Catch routing changes wrt. hardware checksumming for TCP or UDP. */ if (m->m_pkthdr.csum & M_TCPV4_CSUM_OUT) { if (!(ifp->if_capabilities & IFCAP_CSUM_TCPv4) || @@ -665,6 +653,19 @@ sendit: } } + /* + * Packet filter + */ +#if NPF > 0 + if (pf_test(PF_OUT, ifp, &m) != PF_PASS) { + error = EHOSTUNREACH; + m_freem(m); + goto done; + } + ip = mtod(m, struct ip *); + hlen = ip->ip_hl << 2; +#endif + /* * If small enough for interface, can just send directly. */ -- cgit v1.2.3