layer 4 info implies !frag
parent
8cb67386de
commit
728b8416cf
1 changed files with 4 additions and 5 deletions
9
l2tpns.c
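--- a/l2tpns.c
+++ b/l2tpns.c
@@ -4,7 +4,7 @@
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8
 
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.147 2005/11/14 08:38:02 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.148 2005/11/14 21:08:30 bodea Exp $";
 
 #include <arpa/inet.h>
 #include <assert.h>
@@ -5350,10 +5350,9 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter)
 
 if (frag_offset)
 {
-// non-fragmented deny rules are skipped if containing L4 matches
-if (!rule->frag &&
-(rule->src_ports.op || rule->dst_ports.op || rule->tcp_flag_op) &&
-rule->action == FILTER_ACTION_DENY)
+// layer 4 deny rules are skipped
+if (rule->action == FILTER_ACTION_DENY &&
+(rule->src_ports.op || rule->dst_ports.op || rule->tcp_flag_op))
 continue;
 }
 else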
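Review bot: The deny-rule skip in the `if (frag_offset)` branch no longer checks `rule->frag`, so it now depends on no rule carrying both `frag` and a port or TCP-flag match; if the rule parser ever admits that combination, such a deny rule would silently stop applying to non-first fragments. That invariant is not visible in this hunk, so state it where it is relied on, e.g. `// non-first fragments carry no L4 header; rules with L4 matches never have ->frag set (presumably rejected at config time), so L4 deny rules are skipped here`. The comment should also say that non-first fragments are therefore never dropped by port-based deny rules and are only stopped indirectly, when the denied first fragment makes reassembly fail; where that is not enough, a deny rule with `frag` set is needed. The rule loop of ip_filter starts and continues outside the hunk, so how permit rules with L4 matches treat fragments cannot be checked from here.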