diff options
| author |   bluhm <bluhm@openbsd.org> | 2015-09-11 15:12:29 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2015-09-11 15:12:29 +0000 |
| commit | 592614829067db620b3226a5f6e2caff65e97a97 (patch) | |
| tree | ca4d4a8706bf441853af453a918e47c71107e615 /lib/libssl/src | |
| parent | Move all prototypes of gpt helper functions to top of file. Rename (diff) | |
| download | wireguard-openbsd-592614829067db620b3226a5f6e2caff65e97a97.tar.xz wireguard-openbsd-592614829067db620b3226a5f6e2caff65e97a97.zip | |
When pf modifies a TCP packet, it sets the M_TCP_CSUM_OUT flag in
the mbuf packet header. If the packet and is later dropped in
ip6_forward(), the TCP mbuf is copied and passed to icmp6_error().
IPv6 uses m_copym() and M_PREPEND() which preserve the packet header.
The inherited M_TCP_CSUM_OUT flag generates ICMP6 packets with an
incorrect checksum. So reset the csum_flags when packets are
generated by icmp6_reflect() or icmp6_redirect_output().
IPv4 does m_copydata() into a fresh mbuf. There m_inithdr() clears
the packet header, so the problem does not occur. But setting the
csum_flags explicitly also makes sense for icmp_send(). Do not or
M_ICMP_CSUM_OUT to a value that is 0 because of some function calls
before.
OK mpi@ lteo@
Diffstat (limited to 'lib/libssl/src')
0 files changed, 0 insertions, 0 deletions