The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=3be4d54ecd118ab6e29a3aa80329e710d8c2fee1

commit 3be4d54ecd118ab6e29a3aa80329e710d8c2fee1
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-05-27 15:02:46 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-06-06 11:15:59 +0000

    pf: use 'struct ah' for the AH extension header rather than 'struct ip6_ext'
    
    This fixes the build for NOINET6 kernels, but also more accurately reflects what
    we're doing. The first two fields are the same, so the only functional change is
    that we require slightly more data in the first fragment now.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D50658
---
 sys/netpfil/pf/pf.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 69a68d0249b2..0cfb728c3eb5 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -114,6 +114,8 @@
 #include <netinet/sctp_header.h>
 #include <netinet/sctp_crc32.h>
 
+#include <netipsec/ah.h>
+
 #include <machine/in_cksum.h>
 #include <security/mac/mac_framework.h>
 
@@ -9694,7 +9696,7 @@ pf_dummynet_route(struct pf_pdesc *pd, struct pf_kstate 
*s,
 static int
 pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason)
 {
-       struct ip6_ext   ext;
+       struct ah        ext;
        u_int32_t        hlen, end;
 
        hlen = h->ip_hl << 2;
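Review bot: The local is still named `ext` although it is now a `struct ah`, so the later uses read as generic extension-header handling when they are AH-specific. Renaming it to `ah`, or annotating the declaration with something like `struct ah ext; /* AH fixed header, used to step over AH */`, would make that clear. Since `sizeof(ext)` now covers more than the next-header and length bytes, the comment is also a good place to record that the larger minimum read is intentional, as the commit message says. The body of pf_walk_header continues outside this hunk.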
@@ -9720,8 +9722,8 @@ pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short 
*reason)
                                DPFPRINTF(PF_DEBUG_MISC, ("IP short exthdr"));
                                return (PF_DROP);
                        }
-                       pd->off += (ext.ip6e_len + 2) * 4;
-                       pd->proto = ext.ip6e_nxt;
+                       pd->off += (ext.ah_len + 2) * 4;
+                       pd->proto = ext.ah_nxt;
                        break;
                default:
                        return (PF_PASS);
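Review bot: The step `pd->off += (ext.ah_len + 2) * 4;` uses a length byte taken from the packet, and nothing in the visible lines bounds the new offset against `end` or explains the formula. If a later header pull is what rejects an AH length that runs past the packet, say so in a comment, for example `/* ah_len counts 32-bit words minus 2 (RFC 4302); an offset past the packet is rejected when the next header is pulled */`. If nothing does, the check belongs here, written so that the short-fragment case is still passed as before. The function body starts and ends outside this hunk, so the surrounding checks could not be confirmed.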
