src - FreeBSD source tree

diff options


context:
space:
mode:

author	Max Laier <mlaier@FreeBSD.org>	2008-12-10 21:22:57 +0000
committer	Max Laier <mlaier@FreeBSD.org>	2008-12-10 21:22:57 +0000
commit	17f418e29d3ae329309cbe068d302f7e12e15b55 (patch)
tree	217022ae8627168b7e009c658c02296cc9c8c552 /net/pf_norm.c
parent	c6c4fc3df17fc4a3e8022fd276c04e834febe004 (diff)

vendor/pf-sys/4.3

Diffstat (limited to 'net/pf_norm.c')

-rw-r--r--

net/pf_norm.c

1 files changed, 13 insertions, 6 deletions

diff --git a/net/pf_norm.c b/net/pf_norm.c
index ab3a161f83de..524f8c16469f 100644
--- a/net/pf_norm.c
+++ b/net/pf_norm.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf_norm.c,v 1.109 2007/05/28 17:16:39 henning Exp $ */

+/* $OpenBSD: pf_norm.c,v 1.111 2007/12/30 10:32:24 mglocker Exp $ */

@@ -115,7 +115,7 @@ struct mbuf *pf_reassemble(struct mbuf **, struct pf_fragment **,

struct mbuf *pf_fragcache(struct mbuf **, struct ip*,

struct pf_fragment **, int, int, int *);

int pf_normalize_tcpopt(struct pf_rule *, struct mbuf *,

- struct tcphdr *, int);

+ struct tcphdr *, int, sa_family_t);

#define DPFPRINTF(x) do { \

if (pf_status.debug >= PF_DEBUG_MISC) { \

@@ -1316,7 +1316,7 @@ pf_normalize_tcp(int dir, struct pfi_kif *kif, struct mbuf *m, int ipoff,

}

/* Process options */

- if (r->max_mss && pf_normalize_tcpopt(r, m, th, off))

+ if (r->max_mss && pf_normalize_tcpopt(r, m, th, off, pd->af))

rewrite = 1;

/* copy back packet headers if we sanitized */

@@ -1819,17 +1819,21 @@ pf_normalize_tcp_stateful(struct mbuf *m, int off, struct pf_pdesc *pd,

int

pf_normalize_tcpopt(struct pf_rule *r, struct mbuf *m, struct tcphdr *th,

- int off)

+ int off, sa_family_t af)

{

u_int16_t *mss;

int thoff;

int opt, cnt, optlen = 0;

int rewrite = 0;

- u_char *optp;

+ u_char opts[MAX_TCPOPTLEN];

+ u_char *optp = opts;

thoff = th->th_off << 2;

cnt = thoff - sizeof(struct tcphdr);

- optp = mtod(m, caddr_t) + off + sizeof(struct tcphdr);

+ if (cnt > 0 && !pf_pull_hdr(m, off + sizeof(*th), opts, cnt,

+ NULL, NULL, af))

+ return (rewrite);

for (; cnt > 0; cnt -= optlen, optp += optlen) {

opt = optp[0];

@@ -1859,5 +1863,8 @@ pf_normalize_tcpopt(struct pf_rule *r, struct mbuf *m, struct tcphdr *th,

}

+ if (rewrite)

+ m_copyback(m, off + sizeof(*th), thoff - sizeof(*th), opts);

return (rewrite);

}