diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1611,7 +1611,7 @@
 	struct pf_rule_actions act;
 	u_int32_t p_len; /* total length of payload */
-	u_int32_t rh_cnt; /* Route header count */
+	u_int32_t badopts; /* v4 options or v6 routing headers */
 	u_int16_t *ip_sum;
 	u_int16_t *proto_sum;
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -8600,7 +8600,7 @@
 	pd->act.rtableid = -1;
 	if (h->ip_hl > 5) /* has options */
-		pd->rh_cnt++;
+		pd->badopts++;
 	/* fragments not reassembled handled later */
 	if (h->ip_off & htons(IP_MF | IP_OFFMASK))
@@ -8643,7 +8643,7 @@
 		case IPPROTO_ROUTING: {
 			struct ip6_rthdr rthdr;
-			if (pd->rh_cnt++) {
+			if (pd->badopts++) {
 				DPFPRINTF(PF_DEBUG_MISC,
 				    ("pf: IPv6 more than one rthdr"));
 				*action = PF_DROP;
@@ -9236,7 +9236,7 @@
 done:
 	PF_RULES_RUNLOCK();
-	if (action == PF_PASS && pd.rh_cnt &&
+	if (action == PF_PASS && pd.badopts &&
 	    !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
 		action = PF_DROP;
 		REASON_SET(&reason, PFRES_IPOPTIONS);