diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 6dda410d832..d3fb5dcc00a 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -1254,6 +1254,8 @@ pf_normalize_ip6(struct mbuf **m0, struct pfi_kkif *kif, if (sizeof(struct ip6_hdr) + IPV6_MAXPACKET < m->m_pkthdr.len) goto drop; +again: + h = mtod(m, struct ip6_hdr *); plen = ntohs(h->ip6_plen); /* jumbo payload option not supported */ if (plen == 0) @@ -1322,6 +1324,8 @@ pf_normalize_ip6(struct mbuf **m0, struct pfi_kkif *kif, return (PF_PASS); fragment: + if (pd->flags & PFDESC_IP_REAS) + return (PF_DROP); if (sizeof(struct ip6_hdr) + plen > m->m_pkthdr.len) goto shortpkt; @@ -1339,7 +1343,7 @@ pf_normalize_ip6(struct mbuf **m0, struct pfi_kkif *kif, return (PF_DROP); pd->flags |= PFDESC_IP_REAS; - return (PF_PASS); + goto again; shortpkt: REASON_SET(reason, PFRES_SHORT);