Module Name: src
Committed By: rmind
Date: Sat Oct 6 23:50:17 UTC 2012
Modified Files:
src/sys/net/npf: npf_state_tcp.c
Log Message:
npf_tcp_inwindow: inspect the sequence numbers even if the packet contains no
data, fixing up only the RST to the initial SYN. This makes off-path attacks
more difficult. For reference, see "Reflection Scan: an Off-Path Attack
on TCP" by Jan Wrobel.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/sys/net/npf/npf_state_tcp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
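
Added illustration, not part of the commit and not NPF's code: a simplified sequence-window check showing why data-less segments need inspecting and where the zero-SEQ RST exception fits. The struct dir_state, seg_in_window(), the strict flag and the sample values are hypothetical; strict=false is an assumed model of skipping the check when there is no payload.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Hypothetical sender-side tracking state; not NPF's own structure. */
struct dir_state {
	uint32_t end;         /* next sequence number expected from the sender */
	uint32_t maxend;      /* highest seq + len the peer's window permits */
	uint32_t peer_maxwin; /* largest window the peer has advertised */
};

/* Constructed sample state for an established flow. */
static const struct dir_state sample = { 1000000u, 1065535u, 65535u };

/* Wraparound-safe "a <= b" in 32-bit sequence space. */
static bool seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

/*
 * strict=false models skipping inspection of data-less segments (assumption);
 * strict=true inspects them, fixing up only a zero-SEQ RST while the
 * flow is still waiting for a reply to its initial SYN (syn_sent).
 */
bool seg_in_window(const struct dir_state *s, uint32_t seq, uint32_t dlen,
    uint8_t flags, bool syn_sent, bool strict)
{
	if (!strict && dlen == 0)
		seq = s->end;   /* no data: assume the expected position */
	else if ((flags & TH_RST) && seq == 0 && syn_sent)
		seq = s->end;   /* RST answering the initial SYN */

	uint32_t end = seq + dlen + ((flags & TH_SYN) ? 1 : 0);

	/* Reject segments beyond the window or too far behind it. */
	return seq_leq(end, s->maxend) && seq_leq(s->end - s->peer_maxwin, seq);
}

int main(void)
{
	/* A data-less ACK whose sequence number lies outside the window. */
	printf("lenient: %d\n", seg_in_window(&sample, 5000000u, 0, TH_ACK, false, false));
	printf("strict:  %d\n", seg_in_window(&sample, 5000000u, 0, TH_ACK, false, true));
	return 0;
}
```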