Module Name: src
Committed By: christos
Date: Wed Jun 26 15:31:17 UTC 2019
Modified Files:
src/sys/external/bsd/ipf/netinet: fil.c
Log Message:
Conform to RFC 3128 by dropping TCP fragments with offset = 1.
In addition to dropping these fragments, add a DTrace probe to allow
for more detailed monitoring and diagnosis if required.
>From FreeBSD r349399, reported vy Cy Schubert
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/sys/external/bsd/ipf/netinet/fil.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/external/bsd/ipf/netinet/fil.c
diff -u src/sys/external/bsd/ipf/netinet/fil.c:1.27 src/sys/external/bsd/ipf/netinet/fil.c:1.28
--- src/sys/external/bsd/ipf/netinet/fil.c:1.27 Wed Jun 26 11:26:57 2019
+++ src/sys/external/bsd/ipf/netinet/fil.c Wed Jun 26 11:31:17 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: fil.c,v 1.27 2019/06/26 15:26:57 christos Exp $ */
+/* $NetBSD: fil.c,v 1.28 2019/06/26 15:31:17 christos Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -141,7 +141,7 @@ extern struct timeout ipf_slowtimer_ch;
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.27 2019/06/26 15:26:57 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.28 2019/06/26 15:31:17 christos Exp $");
#else
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $";
@@ -1721,6 +1721,10 @@ ipf_pr_ipv4hdr(fr_info_t *fin)
* calculate the byte offset that it represents.
*/
off &= IP_MF|IP_OFFMASK;
+ if (off == 1 && p == IPPROTO_TCP) {
+ fin->fin_flx |= FI_SHORT; /* RFC 3128 */
+ DT1(ipf_fi_tcp_frag_off_1, fr_info_t *, fin);
+ }
if (off != 0) {
int morefrag = off & IP_MF;
