git: 2ca286d0d260 - main - pf: always drop ICMPv6 in IPv4 datagrams
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 16 Sep 2024 13:05:20 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=2ca286d0d2609bbb021f6eaecc6a6b864705719e commit 2ca286d0d2609bbb021f6eaecc6a6b864705719e Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-08-28 13:17:57 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-09-16 11:46:09 +0000 pf: always drop ICMPv6 in IPv4 datagrams Not only when compiled with INET6. Suggested by Max Laier. ok henning@ Reviewed by: zlei Obtained from: OpenBSD, jsing <jsing@openbsd.org>, 0ba1e6e32b9 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D46575 --- sys/netpfil/pf/pf.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 2066cfbeccff..cb404b93946e 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -8828,14 +8828,12 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, break; } -#ifdef INET6 case IPPROTO_ICMPV6: { action = PF_DROP; DPFPRINTF(PF_DEBUG_MISC, ("pf: dropping IPv4 packet with ICMPv6 payload\n")); goto done; } -#endif default: action = pf_test_state_other(&s, kif, m, &pd);