From owner-cvs-src@FreeBSD.ORG  Sun Dec  5 12:15:44 2004
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id BC9D516A4CE; Sun,  5 Dec 2004 12:15:44 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 990DE43D1D; Sun,  5 Dec 2004 12:15:44 +0000 (GMT)
	(envelope-from dhartmei@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id iB5CFip8079762;
	Sun, 5 Dec 2004 12:15:44 GMT
	(envelope-from dhartmei@repoman.freebsd.org)
Received: (from dhartmei@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id iB5CFih3079761;
	Sun, 5 Dec 2004 12:15:44 GMT
	(envelope-from dhartmei)
Message-Id: <200412051215.iB5CFih3079761@repoman.freebsd.org>
From: Daniel Hartmeier <dhartmei@FreeBSD.org>
Date: Sun, 5 Dec 2004 12:15:44 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/contrib/pf/net pf.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Dec 2004 12:15:44 -0000

dhartmei    2004-12-05 12:15:44 UTC

  FreeBSD src repository

  Modified files:
    sys/contrib/pf/net   pf.c 
  Log:
  IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6
  header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
  the header chain. In the case where headers are skipped, the protocol
  checksum verification used the wrong length (included the skipped headers),
  leading to incorrectly mismatching checksums. Such IPv6 packets with
  headers were silently dropped.
  
  Discovered by:  Bernhard Schmidt
  MFC after:      1 week
  
  Revision  Changes    Path
  1.24      +6 -3      src/sys/contrib/pf/net/pf.c