8 bytes of data were dropped.
- If the packet is a fragment, return. There is no UDP header in this case.
- Don't set the FI_SHORT flag. Already tested in `frpr_short()'.
- Remove unneeded test `!fin->fin_off'.
Approved by: Christos Zoulas <christos@netbsd.org>
allowing rules to be set to match only ipv4/ipv6. And so ipnat must be updated
to actually set this field correctly but to keep things working for old
versions of ipnat (that will set this to 0), make the ioctl handler "update"
the 0 to a 4 to keep things working when people just upgrade kernels. This
forces NAT rule matching to be limited to ipv4 only, here forward, fixing
kern/28662
state is not applicable. The fix just reverts the new code that blocked
packets where fr_addstate() fails. This is not correct in all cases, but
blocking them is a bit drastic and breaks existing functionality. The proper
fix is to change fr_addstate() to return:
- state added
- adding state failed
- adding state is not applicable
and then filter packets only in the second case. I am leaving this for someone
else.
the fastroute function so that it uses accurate packet information about
the packet being sent out rather than the packet received (impacts both
return-rst and return-icmp features.)
PR: kern/27093
are present or vice versa
* Fix matching of IPv6 state entries when the initial packet is a
sent to a multicast address. This includes not updating the address as
being fixed when a second (or further) such packet is seen before a reply.
* Disable code, for now, that limited how many ICMP packets could match a
state entry based on the number of real packets seen.
martti