kern/93849: pf no-df breaks IP checksum of all tcp traffic through if_bridge
Max Laier
max at love2party.net
Sat Mar 4 07:10:08 PST 2006
The following reply was made to PR kern/93849; it has been noted by GNATS.
From: Max Laier <max at love2party.net>
To: bug-followup at freebsd.org, mcdouga9 at egr.msu.edu
Cc:
Subject: Re: kern/93849: pf no-df breaks IP checksum of all tcp traffic through if_bridge
Date: Sat, 4 Mar 2006 16:04:29 +0100
Please try the attached patch.
--
Max
Index: pf_norm.c
===================================================================
RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pf_norm.c,v
retrieving revision 1.16
diff -u -r1.16 pf_norm.c
--- pf_norm.c 19 Jan 2006 11:46:45 -0000 1.16
+++ pf_norm.c 4 Mar 2006 14:49:13 -0000
@@ -988,8 +988,12 @@
goto drop;
/* Clear IP_DF if the rule uses the no-df option */
- if (r->rule_flag & PFRULE_NODF)
+ if ((r->rule_flag & PFRULE_NODF) {
+ u_int16_t old = h->ip_off;
+
h->ip_off &= htons(~IP_DF);
+ h->ip_sum = pf_cksum_fixup(h->ip_sum, old, h->ip_off, 0);
+ }
/* We will need other tests here */
if (!fragoff && !mff)
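Review bot: the new condition line, "if ((r->rule_flag & PFRULE_NODF) {", opens two parentheses and closes only one, so pf_norm.c will not compile as posted; drop the extra "(" or add the missing ")". A second, smaller point on the same block: the mask and the pf_cksum_fixup() call run for every packet that matches a no-df rule, including packets that never had IP_DF set, where old and the new h->ip_off are identical and nothing needs fixing up. Adding "&& (h->ip_off & htons(IP_DF))" to the condition would limit the header write and checksum update to packets that are actually modified. A one-line comment saying that the IP header checksum has to follow the ip_off change would also help the next reader see why the fixup is there.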