From 30f3c300d8d28e84a49c574e8bd0db454de92910 Mon Sep 17 00:00:00 2001 From: glebius Date: Sat, 6 Oct 2012 07:06:57 +0000 Subject: The pfil(9) layer guarantees us presence of the protocol header, so remove extra check, that is always false. P.S. Also, goto there lead to unlocking a not locked rwlock. --- sys/netpfil/pf/pf.c | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 0eacc5a..00150f3 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -5620,13 +5620,6 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) if (m->m_flags & M_SKIP_FIREWALL) return (PF_PASS); - if (m->m_pkthdr.len < (int)sizeof(struct ip)) { - action = PF_DROP; - REASON_SET(&reason, PFRES_SHORT); - log = 1; - goto done; - } - pd.pf_mtag = pf_find_mtag(m); PF_RULES_RLOCK(); @@ -5992,13 +5985,6 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) if (kif->pfik_flags & PFI_IFLAG_SKIP) return (PF_PASS); - if (m->m_pkthdr.len < (int)sizeof(*h)) { - action = PF_DROP; - REASON_SET(&reason, PFRES_SHORT); - log = 1; - goto done; - } - PF_RULES_RLOCK(); /* We do IP header normalization and packet reassembly here */ -- cgit v1.1