From: bluhm <bluhm@openbsd.org>
Date: Thu, 28 Dec 2017 11:37:44 +0000 (+0000)
Subject: pf drops IPv4 packets with any options by default.  For IPv6 the
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=bfcbb272c6f4c3341685dc0476a56cd2df40548c;p=openbsd

pf drops IPv4 packets with any options by default.  For IPv6 the
same is already done for options header.  Add the routing extension
header to the list that need "allow-opts" to pass.
OK sashan@ visa@
---

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 27a1f9e696b..274f9608e7e 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.1051 2017/12/24 14:18:19 bluhm Exp $ */
+/*	$OpenBSD: pf.c,v 1.1052 2017/12/28 11:37:44 bluhm Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -6326,9 +6326,11 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason)
 
 	for (hdr_cnt = 0; hdr_cnt < pf_hdr_limit; hdr_cnt++) {
 		switch (pd->proto) {
+		case IPPROTO_ROUTING:
 		case IPPROTO_HOPOPTS:
 		case IPPROTO_DSTOPTS:
 			pd->badopts++;
+			break;
 		}
 		switch (pd->proto) {
 		case IPPROTO_FRAGMENT: