From a9a131902d6496e49c70dc5d655e7696fde2778d Mon Sep 17 00:00:00 2001
From: Cy Schubert <cy@FreeBSD.org>
Date: Sun, 30 Jun 2019 22:27:58 +0000
Subject: Revert r349400. It has uintended effects.

Reported by:	christos@NetBSD.org
X-MFC with:	r349400.
---
 sys/contrib/ipfilter/netinet/fil.c | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

(limited to 'sys/contrib/ipfilter')

diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c
index 1d142165c341..15f157b8ca8d 100644
--- a/sys/contrib/ipfilter/netinet/fil.c
+++ b/sys/contrib/ipfilter/netinet/fil.c
@@ -1732,22 +1732,24 @@ ipf_pr_ipv4hdr(fin)
 
 		fi->fi_flx |= FI_FRAG;
 		off &= IP_OFFMASK;
-		fin->fin_flx |= FI_FRAGBODY;
-		off <<= 3;
-		if ((off + fin->fin_dlen > 65535) ||
-		    (fin->fin_dlen == 0) ||
-		    ((morefrag != 0) && ((fin->fin_dlen & 7) != 0))) {
-			/*
-			 * The length of the packet, starting at its
-			 * offset cannot exceed 65535 (0xffff) as the
-			 * length of an IP packet is only 16 bits.
-			 *
-			 * Any fragment that isn't the last fragment
-			 * must have a length greater than 0 and it
-			 * must be an even multiple of 8.
-			 */
-			fi->fi_flx |= FI_BAD;
-			DT1(ipf_fi_bad_fragbody_gt_65535, fr_info_t *, fin);
+		if (off != 0) {
+			fin->fin_flx |= FI_FRAGBODY;
+			off <<= 3;
+			if ((off + fin->fin_dlen > 65535) ||
+			    (fin->fin_dlen == 0) ||
+			    ((morefrag != 0) && ((fin->fin_dlen & 7) != 0))) {
+				/*
+				 * The length of the packet, starting at its
+				 * offset cannot exceed 65535 (0xffff) as the
+				 * length of an IP packet is only 16 bits.
+				 *
+				 * Any fragment that isn't the last fragment
+				 * must have a length greater than 0 and it
+				 * must be an even multiple of 8.
+				 */
+				fi->fi_flx |= FI_BAD;
+				DT1(ipf_fi_bad_fragbody_gt_65535, fr_info_t *, fin);
+			}
 		}
 	}
 	fin->fin_off = off;
-- 
cgit v1.2.3