When using pf routing options, properly handle IP fragmentation

for interfaces with TSO enabled, otherwise one would see an extra
ICMP unreach, frag needed pre matching packet on lo0.
This syncs pf code to ip_output.c r162084.

PR:		kern/144311
Submitted by:	yongari via mlaier
Reviewed by:	eri
Tested by:	kib
MFC after:	8 days
This commit is contained in:
bz 2010-09-10 00:00:06 +00:00
parent 45eae14854
commit b27a644a18

View File

@ -6375,6 +6375,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
m0->m_pkthdr.csum_flags &= ifp->if_hwassist;
if (ntohs(ip->ip_len) <= ifp->if_mtu ||
(m0->m_pkthdr.csum_flags & ifp->if_hwassist & CSUM_TSO) != 0 ||
(ifp->if_hwassist & CSUM_FRAGMENT &&
((ip->ip_off & htons(IP_DF)) == 0))) {
/*
@ -6449,7 +6450,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
* Too large for interface; fragment if possible.
* Must be able to put at least 8 bytes per fragment.
*/
if (ip->ip_off & htons(IP_DF)) {
if (ip->ip_off & htons(IP_DF) || (m0->m_pkthdr.csum_flags & CSUM_TSO)) {
KMOD_IPSTAT_INC(ips_cantfrag);
if (r->rt != PF_DUPTO) {
#ifdef __FreeBSD__