CVSROOT: /cvs
Module name: src
Changes by: henn...@cvs.openbsd.org 2011/04/05 14:37:00
Modified files:
sys/net : pf.c
Log message:
in pf_check_proto_cksum, consider packets with the CSUM_OUT flags set
to be ok. there is no checksum we could verify and for the moment these
are locally generated packets anyway. and this really is just the stupid
'stealth bridge detection' countermeasure shit (when you want a "stealth"
bridge and explictely ask pf to return RSTs/icmp errors, you need to
seek medical help in any case).
this is needed so that we eventually can move the in_proto_cksum_out (and
its ipvshit counterpart once we get it) calls to after the pf_test calls
in the output routines
ok dlg fondue-kinda-ok claudio
