The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=2ca286d0d2609bbb021f6eaecc6a6b864705719e
commit 2ca286d0d2609bbb021f6eaecc6a6b864705719e
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2024-08-28 13:17:57 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2024-09-16 11:46:09 +0000
pf: always drop ICMPv6 in IPv4 datagrams
Not only when compiled with INET6.
Suggested by Max Laier.
ok henning@
Reviewed by: zlei
Obtained from: OpenBSD, jsing <js...@openbsd.org>, 0ba1e6e32b9
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46575
---
sys/netpfil/pf/pf.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 2066cfbeccff..cb404b93946e 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -8828,14 +8828,12 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct
mbuf **m0,
break;
}
-#ifdef INET6
case IPPROTO_ICMPV6: {
action = PF_DROP;
DPFPRINTF(PF_DEBUG_MISC,
("pf: dropping IPv4 packet with ICMPv6 payload\n"));
goto done;
}
-#endif
default:
action = pf_test_state_other(&s, kif, m, &pd);
