From dd5f5f2b1bd18dd5784db92842fd3cb3393eef28 Mon Sep 17 00:00:00 2001 From: "Bjoern A. Zeeb" Date: Fri, 10 Sep 2010 00:00:06 +0000 Subject: [PATCH] When using pf routing options, properly handle IP fragmentation for interfaces with TSO enabled, otherwise one would see an extra ICMP unreach, frag needed pre matching packet on lo0. This syncs pf code to ip_output.c r162084. PR: kern/144311 Submitted by: yongari via mlaier Reviewed by: eri Tested by: kib MFC after: 8 days --- sys/contrib/pf/net/pf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c index ebe73c2e9320..242834d80afc 100644 --- a/sys/contrib/pf/net/pf.c +++ b/sys/contrib/pf/net/pf.c @@ -6375,6 +6375,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, m0->m_pkthdr.csum_flags &= ifp->if_hwassist; if (ntohs(ip->ip_len) <= ifp->if_mtu || + (m0->m_pkthdr.csum_flags & ifp->if_hwassist & CSUM_TSO) != 0 || (ifp->if_hwassist & CSUM_FRAGMENT && ((ip->ip_off & htons(IP_DF)) == 0))) { /* @@ -6449,7 +6450,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, * Too large for interface; fragment if possible. * Must be able to put at least 8 bytes per fragment. */ - if (ip->ip_off & htons(IP_DF)) { + if (ip->ip_off & htons(IP_DF) || (m0->m_pkthdr.csum_flags & CSUM_TSO)) { KMOD_IPSTAT_INC(ips_cantfrag); if (r->rt != PF_DUPTO) { #ifdef __FreeBSD__