diff options
| author | mlaier <mlaier@FreeBSD.org> | 2007-11-21 10:12:52 +0000 |
|---|---|---|
| committer | mlaier <mlaier@FreeBSD.org> | 2007-11-21 10:12:52 +0000 |
| commit | 1f6cdb5c23eeae25e84a02bc1c67f697a1826ca1 (patch) | |
| tree | c21ab77b7c9d79099870d45535c77da6d51baa19 /sys/contrib | |
| parent | df28d4b72f5b72653df344622ae8461f17512038 (diff) | |
| download | FreeBSD-src-1f6cdb5c23eeae25e84a02bc1c67f697a1826ca1.zip FreeBSD-src-1f6cdb5c23eeae25e84a02bc1c67f697a1826ca1.tar.gz | |
Reloop OpenBSD rev. 1.563:
In pf_test_fragment(), ignore protocol-specific criteria for packets of
different protocols.
Reported by: des
Obtained from: OpenBSD
MFC after: 3 days
Diffstat (limited to 'sys/contrib')
| -rw-r--r-- | sys/contrib/pf/net/pf.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c index b751f33..69a7de5 100644 --- a/sys/contrib/pf/net/pf.c +++ b/sys/contrib/pf/net/pf.c @@ -4560,9 +4560,17 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct pfi_kif *kif, r = r->skip[PF_SKIP_DST_ADDR].ptr; else if (r->tos && !(r->tos == pd->tos)) r = TAILQ_NEXT(r, entries); - else if (r->src.port_op || r->dst.port_op || - r->flagset || r->type || r->code || - r->os_fingerprint != PF_OSFP_ANY) + else if (r->os_fingerprint != PF_OSFP_ANY) + r = TAILQ_NEXT(r, entries); + else if (pd->proto == IPPROTO_UDP && + (r->src.port_op || r->dst.port_op)) + r = TAILQ_NEXT(r, entries); + else if (pd->proto == IPPROTO_TCP && + (r->src.port_op || r->dst.port_op || r->flagset)) + r = TAILQ_NEXT(r, entries); + else if ((pd->proto == IPPROTO_ICMP || + pd->proto == IPPROTO_ICMPV6) && + (r->type || r->code)) r = TAILQ_NEXT(r, entries); else if (r->prob && r->prob <= arc4random()) r = TAILQ_NEXT(r, entries); |
