CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2017/05/28 08:54:00

Modified files:
	sys/net : pf.c

Log message:
Pf was handling IPv4 and IPv6 differently regarding AH extension headers. pf_walk_header6() steps over it and detects the real protocol. So implement a minimal header walking function pf_walk_header() for IPv4. It does the header checks and jumps over AH. Then pf does not understand AH as a protocol, it is just an extension that authenticates the packet. Move some header and option checks to pf_walk_header() for consistency with IPv6. This also improves the header check for IPv4 packets in ICMP payload.

OK henning@
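
The kind of IPv4 header walk the log message describes, as an added user-space example; it is not the code from pf.c. The names walk_ipv4(), build_sample() and PROTO_AH are hypothetical, and the AH length rule is taken from RFC 4302.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PROTO_AH 51 /* IP protocol number of the Authentication Header */

/*
 * Hypothetical user-space helper (not pf's pf_walk_header()).
 * Returns the protocol after any AH headers and stores its offset in *off,
 * or -1 if the packet is malformed. The IP checksum is not verified.
 */
int walk_ipv4(const uint8_t *pkt, size_t len, size_t *off)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;        /* IHL in 32-bit words */
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];      /* total length */
    if (hlen < 20 || tot < hlen || tot > len)
        return -1;
    int proto = pkt[9];
    size_t pos = hlen;
    /* A non-first fragment's payload does not start at a header, so stop. */
    if ((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff) {
        *off = pos;
        return proto;
    }
    while (proto == PROTO_AH) {
        if (tot - pos < 12)                           /* fixed AH fields */
            return -1;
        /* RFC 4302: Payload Len = AH length in 32-bit words minus 2 */
        size_t ahlen = ((size_t)pkt[pos + 1] + 2) * 4;
        if (ahlen < 12 || ahlen > tot - pos)
            return -1;
        proto = pkt[pos];                             /* AH Next Header */
        pos += ahlen;
    }
    *off = pos;
    return proto;
}

/* Constructed sample: IPv4 + AH(plen) + 20 zero bytes standing in for TCP. */
size_t build_sample(uint8_t *b, uint8_t plen)
{
    size_t ah = ((size_t)plen + 2) * 4, tot = 20 + ah + 20;
    memset(b, 0, tot);
    b[0] = 0x45; b[2] = (uint8_t)(tot >> 8); b[3] = (uint8_t)tot;
    b[8] = 64; b[9] = PROTO_AH;
    b[20] = 6; b[21] = plen;          /* AH: next header TCP, payload len */
    return tot;
}
```

A filter that matches on the returned protocol and offset sees the TCP header behind AH, and a packet whose AH length field overruns the IP total length is rejected instead of being parsed past its end.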