d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Loopback pf_norm.c rev. 1.106 from OpenBSD:

Browse Source 
fixup IP checksum when modifying IP header fields

PR:		kern/93849
Obtained from:	OpenBSD
MFC after:	3 days
This commit is contained in:
Max Laier 2006-03-25 21:15:25 +00:00
parent 3c09bd01d8
commit 94f2dfdd76
1 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
sys/contrib/pf/net/pf_norm.c
View File

@ -1,5 +1,6 @@
/* $FreeBSD$ */
/* $OpenBSD: pf_norm.c,v 1.97 2004/09/21 16:59:12 aaron Exp $ */
/* add: $OpenBSD: pf_norm.c,v 1.106 2006/03/25 20:55:24 dhartmei Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@ -988,8 +989,12 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
goto drop;
/* Clear IP_DF if the rule uses the no-df option */
if (r->rule_flag & PFRULE_NODF)
if (r->rule_flag & PFRULE_NODF && h->ip_off & htons(IP_DF)) {
u_int16_t ip_off = h->ip_off;
h->ip_off &= htons(~IP_DF);
h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_off, h->ip_off, 0);
}
/* We will need other tests here */
if (!fragoff && !mff)
@ -1099,11 +1104,20 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
no_fragment:
/* At this point, only IP_DF is allowed in ip_off */
h->ip_off &= htons(IP_DF);
if (h->ip_off & ~htons(IP_DF)) {
u_int16_t ip_off = h->ip_off;
h->ip_off &= htons(IP_DF);
h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_off, h->ip_off, 0);
}
/* Enforce a minimum ttl, may cause endless packet loops */
if (r->min_ttl && h->ip_ttl < r->min_ttl)
if (r->min_ttl && h->ip_ttl < r->min_ttl) {
u_int16_t ip_ttl = h->ip_ttl;
h->ip_ttl = r->min_ttl;
h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_ttl, h->ip_ttl, 0);
}
if (r->rule_flag & PFRULE_RANDOMID) {
u_int16_t ip_id = h->ip_id;
@ -1118,8 +1132,12 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
fragment_pass:
/* Enforce a minimum ttl, may cause endless packet loops */
if (r->min_ttl && h->ip_ttl < r->min_ttl)
if (r->min_ttl && h->ip_ttl < r->min_ttl) {
u_int16_t ip_ttl = h->ip_ttl;
h->ip_ttl = r->min_ttl;
h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_ttl, h->ip_ttl, 0);
}
if ((r->rule_flag & (PFRULE_FRAGCROP|PFRULE_FRAGDROP)) == 0)
pd->flags |= PFDESC_IP_REAS;
return (PF_PASS);