Hello,
On Mon, Oct 09, 2023 at 08:07:35PM +0200, Alexander Bluhm wrote:
> Hi,
>
> pf_pull_hdr() allows to pass an action pointer parameter as output
> value. This is never used, all callers pass a NULL argument. Remove
> ACTION_SET() entirely.
>
> The logic if (fragoff >= len) in pf_pull_hdr() looks odd. One is
> the offset in the IP packet, the latter the length of some header
> within the fragment. In revision 1.1 the logic was used to drop
> short TCP or UDP fragments that contained only part of the header.
> This does not work since pf_pull_hdr() supports offsets.
>
> ----------------------------
> revision 1.4
> date: 2001/06/24 20:54:55; author: itojun; state: Exp; lines: +18 -16;
> pull_hdr() now takes header offset explicitly, to help header chain parsing
> (v6, ipsec)
> ----------------------------
>
> The code drops the packets anyway, so always set reason PFRES_FRAG.
>
> ok?
>
yes, please. looks good to me.
OK sashan
