CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2022/04/29 02:58:49
Modified files:
sys/net : pf.c pfvar_priv.h
Log message:
IGMP and ICMP6 MLD packets always have the router alert option set.
pf blocked IPv4 options and IPv6 option header by default. This
forced users to set allow-opts in pf rules.
Better let multicast work by default. Detect router alerts by
parsing IP options and hop by hop headers. If the packet has only
this option and is a multicast control packet, do not block it due
to bad options.
tested by otto@; OK sashan@
