View | Details | Raw Unified | Return to bug 253872
Collapse All | Expand All

(-)b/sys/netpfil/pf/pf_norm.c (+15 lines)
Lines 158-163 static int pf_reassemble(struct mbuf **, struct ip *, int, u_short *); Link Here
158
static int	pf_reassemble6(struct mbuf **, struct ip6_hdr *,
158
static int	pf_reassemble6(struct mbuf **, struct ip6_hdr *,
159
		    struct ip6_frag *, uint16_t, uint16_t, u_short *);
159
		    struct ip6_frag *, uint16_t, uint16_t, u_short *);
160
static void	pf_scrub_ip6(struct mbuf **, uint8_t);
160
static void	pf_scrub_ip6(struct mbuf **, uint8_t);
161
static void pf_scrub_ip6_frag(struct mbuf **m0, u_int32_t flags, u_int8_t tos);
161
#endif	/* INET6 */
162
#endif	/* INET6 */
162
163
163
#define	DPFPRINTF(x) do {				\
164
#define	DPFPRINTF(x) do {				\
Lines 1278-1287 pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kkif *kif, Link Here
1278
		goto shortpkt;
1279
		goto shortpkt;
1279
1280
1280
	pf_scrub_ip6(&m, r->min_ttl);
1281
	pf_scrub_ip6(&m, r->min_ttl);
1282
    pf_scrub_ip6_frag(&m, r->rule_flag, r->set_tos);
1281
1283
1282
	return (PF_PASS);
1284
	return (PF_PASS);
1283
1285
1284
 fragment:
1286
 fragment:
1287
    pf_scrub_ip6_frag(&m, r->rule_flag, r->set_tos);
1288
1285
	if (sizeof(struct ip6_hdr) + plen > m->m_pkthdr.len)
1289
	if (sizeof(struct ip6_hdr) + plen > m->m_pkthdr.len)
1286
		goto shortpkt;
1290
		goto shortpkt;
1287
1291
Lines 2034-2037 pf_scrub_ip6(struct mbuf **m0, u_int8_t min_ttl) Link Here
2034
	if (min_ttl && h->ip6_hlim < min_ttl)
2038
	if (min_ttl && h->ip6_hlim < min_ttl)
2035
		h->ip6_hlim = min_ttl;
2039
		h->ip6_hlim = min_ttl;
2036
}
2040
}
2041
2042
static void
2043
pf_scrub_ip6_frag(struct mbuf **m0, u_int32_t flags, u_int8_t tos) {
2044
	struct mbuf		*m = *m0;
2045
	struct ip6_hdr		*h = mtod(m, struct ip6_hdr *);
2046
2047
	if (flags & PFRULE_SET_TOS) {
2048
		h->ip6_flow &= ~htonl(0xff << 20);
2049
		h->ip6_flow |= htonl(tos << 20);
2050
	}
2051
}
2037
#endif
2052
#endif

Return to bug 253872