Hi, pf drops IPv4 packets with options by default. For IPv6 the same is done for certain option headers. I think we should add the routing header to this list.
ok? bluhm Index: net/pf.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/net/pf.c,v retrieving revision 1.1051 diff -u -p -r1.1051 pf.c --- net/pf.c 24 Dec 2017 14:18:19 -0000 1.1051 +++ net/pf.c 27 Dec 2017 12:56:59 -0000 @@ -6326,9 +6326,11 @@ pf_walk_header6(struct pf_pdesc *pd, str for (hdr_cnt = 0; hdr_cnt < pf_hdr_limit; hdr_cnt++) { switch (pd->proto) { + case IPPROTO_ROUTING: case IPPROTO_HOPOPTS: case IPPROTO_DSTOPTS: pd->badopts++; + break; } switch (pd->proto) { case IPPROTO_FRAGMENT:
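Review bot: In the first switch of pf_walk_header6(), the new `case IPPROTO_ROUTING:` increments pd->badopts for every routing header, with no check of the routing type visible in this hunk, so by default any packet carrying one is now treated like a packet with hop-by-hop or destination options. The diff touches only net/pf.c; the pf.conf(5) text describing which IPv6 headers are blocked by default and what allow-opts permits should be updated in the same commit so rule writers know that routing headers now need allow-opts. The added `break;` after `pd->badopts++` sits on the last case of that switch and does not change behaviour; it is fine as style, but say so in the commit message so it is not read as part of the functional change.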