this was not meant to go to the list, and the analysis was off due to a
difference in kernel sources. meanwhile mbalmer went into that bug to
and I found it. It is obvious why nobody ran in to it yet; it is ipv6
only.
Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.579
diff -u -p -r1.579 pf.c
--- pf.c 2 Jun 2008 11:38:22 -0000 1.579
+++ pf.c 8 Jun 2008 17:13:11 -0000
@@ -3058,7 +3058,8 @@ pf_test_rule(struct pf_rule **rm, struct
goto cleanup;
}
- bip_sum = *pd->ip_sum;
+ if (pd->ip_sum)
+ bip_sum = *pd->ip_sum;
switch (pd->proto) {
case IPPROTO_TCP:
--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
