aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Laier <mlaier@FreeBSD.org>2009-08-18 16:21:07 +0000
committerMax Laier <mlaier@FreeBSD.org>2009-08-18 16:21:07 +0000
commitef8d563a0f51f9a51ad48df6ad54f155ebd0533e (patch)
tree0656ac96a60e098378da4fa0ec89525107ab866f
parentdb8ac25da4805123ac32db61e3d169c9ab7b8966 (diff)
downloadsrc-vendor/pf-sys.tar.gz
src-vendor/pf-sys.zip
Notes
Notes: svn path=/vendor-sys/pf/dist/; revision=196362 svn path=/vendor-sys/pf/4.5.002/; revision=196363; tag=vendor/pf-sys/4.5.002
-rw-r--r--net/pf.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/net/pf.c b/net/pf.c
index 1eec998bcdc0..ce288a59b731 100644
--- a/net/pf.c
+++ b/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.633 2009/02/16 00:31:25 dlg Exp $ */
+/* $OpenBSD: pf.c,v 1.634 2009/02/27 12:37:45 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -5243,6 +5243,15 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
break;
}
+#ifdef INET6
+ case IPPROTO_ICMPV6: {
+ action = PF_DROP;
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: dropping IPv4 packet with ICMPv6 payload\n"));
+ goto done;
+ }
+#endif
+
default:
action = pf_test_state_other(&s, dir, kif, m, &pd);
if (action == PF_PASS) {
@@ -5597,6 +5606,13 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
break;
}
+ case IPPROTO_ICMP: {
+ action = PF_DROP;
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: dropping IPv6 packet with ICMPv4 payload\n"));
+ goto done;
+ }
+
case IPPROTO_ICMPV6: {
struct icmp6_hdr ih;