layer 4 info implies !frag release_2_1_11
authorbodea <bodea>
Mon, 14 Nov 2005 21:08:30 +0000 (21:08 +0000)
committerbodea <bodea>
Mon, 14 Nov 2005 21:08:30 +0000 (21:08 +0000)
l2tpns.c

index 8af4eb2..0d9a2c2 100644 (file)
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -4,7 +4,7 @@
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8
 
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8
 
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.147 2005/11/14 08:38:02 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.148 2005/11/14 21:08:30 bodea Exp $";
 
 #include <arpa/inet.h>
 #include <assert.h>
 
 #include <arpa/inet.h>
 #include <assert.h>
@@ -5350,10 +5350,9 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter)
 
                if (frag_offset)
                {
 
                if (frag_offset)
                {
-                       // non-fragmented deny rules are skipped if containing L4 matches
-                       if (!rule->frag &&
-                           (rule->src_ports.op || rule->dst_ports.op || rule->tcp_flag_op) &&
-                           rule->action == FILTER_ACTION_DENY)
+                       // layer 4 deny rules are skipped
+                       if (rule->action == FILTER_ACTION_DENY &&
+                           (rule->src_ports.op || rule->dst_ports.op || rule->tcp_flag_op))
                                continue;
                }
                else
                                continue;
                }
                else