diff options
| author |   bluhm <bluhm@openbsd.org> | 2014-07-13 17:41:04 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2014-07-13 17:41:04 +0000 |
| commit | 249bc5f3a3c1084829b0c73fcd806a889884ba61 (patch) | |
| tree | d8aa1d9812ec8ebcd6baf00e68a9f6f5d1cb02e5 | |
| parent | tweak previous; (diff) | |
| download | wireguard-openbsd-249bc5f3a3c1084829b0c73fcd806a889884ba61.tar.xz wireguard-openbsd-249bc5f3a3c1084829b0c73fcd806a889884ba61.zip | |
When reassembled IPv6 fragments are NATed or RDRed by pf, the
checksum has to be recalculated before the packet is fragmented
again. Put a missing in6_proto_cksum_out() into pf_refragment6().
This makes run-regress-frag6 and run-regress-frag6-ext pass again.
From Matthias Pitzl; OK henning@
| -rw-r--r-- | sys/net/pf_norm.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index f0342fc7191..0601fe2c794 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.165 2014/03/27 12:07:48 jca Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.166 2014/07/13 17:41:04 bluhm Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -703,6 +703,9 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, int dir) mtag = NULL; ftag = NULL; + /* Checksum must be calculated for the whole packet */ + in6_proto_cksum_out(m, NULL); + if (extoff) { int off; |