diff options
| author |   bluhm <bluhm@openbsd.org> | 2011-07-04 18:12:51 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2011-07-04 18:12:51 +0000 |
| commit | 4fe6abd45fc91714b99e306476d15630a3310f59 (patch) | |
| tree | a51fd354c98a4d7ca95c15fc63879dcfdabdfb06 /sys/net | |
| parent | Support "show ip bgp peer-as" in bgplg. (diff) | |
| download | wireguard-openbsd-4fe6abd45fc91714b99e306476d15630a3310f59.tar.xz wireguard-openbsd-4fe6abd45fc91714b99e306476d15630a3310f59.zip | |
Rename the pf_pdesc field rh_cnt to badopts as it is also used for
IPv4 options now.
ok mcbride@ henning@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf.c | 10 | ||||
| -rw-r--r-- | sys/net/pfvar.h | 4 |
2 files changed, 7 insertions, 7 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index b03bf565194..9ededb5fbce 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.758 2011/07/04 16:26:23 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.759 2011/07/04 18:12:51 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2997,7 +2997,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, rtable_l2(act.rtableid) != pd->rdomain) pd->destchg = 1; - if (r->action == PF_PASS && pd->rh_cnt && ! r->allow_opts) { + if (r->action == PF_PASS && pd->badopts && ! r->allow_opts) { REASON_SET(&reason, PFRES_IPOPTIONS); pd->pflog |= PF_LOG_FORCE; DPFPRINTF(LOG_NOTICE, "dropping packet with " @@ -5538,7 +5538,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, pd->tot_len = ntohs(h->ip_len); pd->rdomain = rtable_l2(m->m_pkthdr.rdomain); if (h->ip_hl > 5) /* has options */ - pd->rh_cnt++; + pd->badopts++; if (h->ip_off & htons(IP_MF | IP_OFFMASK)) { /* @@ -5620,7 +5620,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, case IPPROTO_ROUTING: { struct ip6_rthdr rthdr; - if (pd->rh_cnt++) { + if (pd->badopts++) { DPFPRINTF(LOG_NOTICE, "IPv6 more than one rthdr"); *action = PF_DROP; @@ -5963,7 +5963,7 @@ done: if (action != PF_DROP) { if (s) { /* The non-state case is handled in pf_test_rule() */ - if (action == PF_PASS && pd.rh_cnt && + if (action == PF_PASS && pd.badopts && !(s->state_flags & PFSTATE_ALLOWOPTS)) { action = PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 2a6e50ccefc..f237a2fd419 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.336 2011/07/04 06:54:49 claudio Exp $ */ +/* $OpenBSD: pfvar.h,v 1.337 2011/07/04 18:12:51 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1231,7 +1231,7 @@ struct pf_pdesc { u_int16_t ndport; /* dst port after NAT */ u_int32_t p_len; /* total length of payload */ - u_int32_t rh_cnt; /* # of routing headers */ + u_int32_t badopts; /* v4 options or v6 routing headers */ u_int16_t *ip_sum; u_int16_t *proto_sum; |