* Daniel Hartmeier <[EMAIL PROTECTED]> [2008-02-14 16:37]:
> On Tue, Feb 12, 2008 at 07:40:14PM +0100, Helmut Schneider wrote:
>
> > Is that expected?
>
> No, it's a bug introduced with pf.c 1.534 after 4.1 was released.
>
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r1=1.533&r2=1.534&f=h
>
> For IPv6 TCP, calling pf_check_proto_cksum() with AF_INET will always
> fail. No RST will be generated, the 'proto-cksum' counter in pfctl -si
> output will increase instead.
>
> Henning?
looks like I screwed that a bit...
this enough to fix it?
Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.565
diff -u -p -r1.565 pf.c
--- pf.c 22 Nov 2007 02:01:46 -0000 1.565
+++ pf.c 14 Feb 2008 15:57:20 -0000
@@ -3243,7 +3243,7 @@ pf_test_rule(struct pf_rule **rm, struct
struct ip *h = mtod(m, struct ip *);
if (pf_check_proto_cksum(m, off,
- ntohs(h->ip_len) - off, IPPROTO_TCP, AF_INET))
+ ntohs(h->ip_len) - off, IPPROTO_TCP, pd->af))
REASON_SET(&reason, PFRES_PROTCKSUM);
else {
if (th->th_flags & TH_SYN)
