aboutsummaryrefslogtreecommitdiff
path: root/sys/netpfil/pf/pf_lb.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netpfil/pf/pf_lb.c')
-rw-r--r--sys/netpfil/pf/pf_lb.c25
1 files changed, 24 insertions, 1 deletions
diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c
index a37813412d8e..e80d105c17df 100644
--- a/sys/netpfil/pf/pf_lb.c
+++ b/sys/netpfil/pf/pf_lb.c
@@ -53,6 +53,15 @@ __FBSDID("$FreeBSD$");
#include <net/pfvar.h>
#include <net/if_pflog.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip_icmp.h>
+
+#ifdef INET6
+#include <netinet/ip6.h>
+#include <netinet/icmp6.h>
+#endif
+
#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x
static void pf_hash(struct pf_addr *, struct pf_addr *,
@@ -224,9 +233,23 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r,
if (pf_map_addr(af, r, saddr, naddr, &init_addr, sn))
return (1);
- if (proto == IPPROTO_ICMP) {
+ switch (proto) {
+ case IPPROTO_ICMP:
+ if (dport != ICMP_ECHO)
+ return (0);
low = 1;
high = 65535;
+ break;
+#ifdef INET6
+ case IPPROTO_ICMPV6:
+ if (dport != ICMP_ECHO)
+ return (0);
+ low = 1;
+ high = 65535;
+ break;
+#endif
+ default:
+ return (0); /* Don't try to modify non-echo ICMP */
}
bzero(&key, sizeof(key));
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-08 12:39:55 +0000