| author | Kristof Provost <kp@FreeBSD.org> | 2025-08-25 08:01:49 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2025-09-02 21:10:20 +0000 |
| commit | aa790af10a9a2ce36ca0b2bc445a01431b8bc0c4 (patch) | |
| tree | 2171f6d7dfb8142b50e5a7ff852ab6a00d248b85 | |
| parent | 5af7499b6d81e0514dc79d74a10e2b2a0e3fe08b (diff) | |
pf(4), when doing af-to translation for the ICMP protocol, sends packets
with the TTL field set to zero. To fix it, function pf_test_state_icmp()
must initialize the ttl field in the pf_pdesc structure for the inner packet.
feedback from bluhm@
OK bluhm@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 0d48c46cfe
Sponsored by: Rubicon Communications, LLC ("Netgate")
| -rw-r--r-- | sys/netpfil/pf/pf.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index e9b73827aa7d..d15a16c54f81 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -8048,6 +8048,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, return (PF_DROP); pd2.tot_len = ntohs(h2.ip_len); + pd2.ttl = h2.ip_ttl; pd2.src = (struct pf_addr *)&h2.ip_src; pd2.dst = (struct pf_addr *)&h2.ip_dst; pd2.ip_sum = &h2.ip_sum; @@ -8070,6 +8071,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, pd2.tot_len = ntohs(h2_6.ip6_plen) + sizeof(struct ip6_hdr); + pd2.ttl = h2_6.ip6_hlim; pd2.src = (struct pf_addr *)&h2_6.ip6_src; pd2.dst = (struct pf_addr *)&h2_6.ip6_dst; pd2.ip_sum = NULL; |
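Review bot: The added pd2.ttl = h2.ip_ttl; in the first hunk (IPv4 inner header, after pd2.tot_len) carries no comment on why the inner descriptor needs a TTL, and none of the surrounding assignments hint at it. A one-line comment stating that af-to translation of the embedded packet reads pd2.ttl would keep the line from being dropped as dead in a later cleanup, since the commit message is the only place the reason is recorded.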
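Review bot: No regression test accompanies pd2.ttl = h2_6.ip6_hlim; in the second hunk (IPv6 inner header); the diffstat lists only sys/netpfil/pf/pf.c. Consider adding a test that passes an ICMP error through an af-to rule in each direction and checks that the embedded header's TTL or hop limit is non-zero after translation, so that both this assignment and the IPv4 one in the first hunk are exercised.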
