Page MenuHomeFreeBSD
Differential D50657

pf: align IPv4 and IPv6 AH header handling
ClosedPublic
Actions

Authored by kp on Jun 3 2025, 12:48 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, May 26, 3:33 AM
Unknown Object (File)
Sun, May 17, 1:11 PM
Unknown Object (File)
Sun, May 17, 7:05 AM
Unknown Object (File)
Sat, May 16, 9:30 PM
Unknown Object (File)
Thu, May 14, 8:30 AM
Unknown Object (File)
Tue, May 12, 4:59 PM
Unknown Object (File)
Mon, May 11, 9:47 AM
Unknown Object (File)
Mon, May 11, 9:05 AM
View All 73 Files
Subscribers
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
None
Group Reviewers
pfsense
Commits
rG09d62e0658d1: pf: align IPv4 and IPv6 AH header handling
Summary

Pf was handling IPv4 and IPv6 differently regarding AH extension
headers. pf_walk_header6() steps over it and detects the real
protocol. So to implement a minimal header walking function
pf_walk_header() for IPv4. It does the header checks and jumps
over AH. Then pf does not understand AH as a protocol, it is just
an extension that authenticates the packet. Move some header and
option checks to pf_walk_header() for consistency with IPv6. This
also improves the header check for IPv4 packets in ICMP payload.
OK henning@

Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 22ef11432c
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 64606
Build 61490: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
65 lines

Diff 156463

View Options

sys/netpfil/pf/pf.c

Loading...