pf dealt poorly with certain types of IPV6 icmp packets.

pf dealt poorly with certain types of IPV6 icmp packets.

Apply by doing:
cd /usr/src
patch -p0 < 006_pf.patch
And then rebuild your kernel.

Index: sys/net/pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.163
diff -u -r1.163 pf.c
--- sys/net/pf.c 15 Oct 2001 16:22:21 -0000 1.163
+++ sys/net/pf.c 13 Nov 2001 18:08:05 -0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.163 2001/10/15 16:22:21 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.166 2001/11/13 17:45:26 frantzen Exp $ */

/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -3953,12 +3953,8 @@
pd2.src = (struct pf_addr *)&h2_6.ip6_src;
pd2.dst = (struct pf_addr *)&h2_6.ip6_dst;
pd2.ip_sum = NULL;
+ off2 = ipoff2 + sizeof(h2_6);
do {
- while (off >= m->m_len) {
- off -= m->m_len;
- m = m->m_next;
- }
-
switch (pd2.proto) {
case IPPROTO_FRAGMENT:
/* XXX we don't handle fagments yet */
@@ -3968,11 +3964,16 @@
case IPPROTO_ROUTING:
case IPPROTO_DSTOPTS: {
/* get next header and header length */
- struct _opt6 *opt6;
+ struct _opt6 opt6;

- opt6 = (struct _opt6 *)(mtod(m, caddr_t) + off2);
- pd2.proto = opt6->opt6_nxt;
- off2 += (opt6->opt6_hlen + 1) * 8;
+ if (!pf_pull_hdr(m, off2, &opt6,
+ sizeof(opt6), NULL, NULL, pd2.af)) {
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: ICMPv6 short opt\n"));
+ return(PF_DROP);
+ }
+ pd2.proto = opt6.opt6_nxt;
+ off2 += (opt6.opt6_hlen + 1) * 8;
/* goto the next header */
break;
}