Module Name:	src
Committed By:	maxv
Date:		Sat Apr 7 09:06:27 UTC 2018

Modified Files:
	src/sys/net/npf: npf_inet.c

Log Message:
Rewrite npf_fetch_tcpopts:

 * Instead of doing several nbuf_advance/nbuf_ensure_contig and playing
   with gotos, fetch the TCP options only once, and iterate over the
   (safe) area. The code is similar to tcp_dooptions.

 * When handling TCPOPT_MAXSEG and TCPOPT_WINDOW, ensure the length is
   the one we're expecting. If it isn't, then skip the option. This
   wasn't done before, and not doing it allowed a packet to bypass the
   max-mss clamping procedure.

Discussed on tech-net@.

To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 src/sys/net/npf/npf_inet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
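
The approach the log message describes, as an added example (this is not the NPF source or code from this commit): walk the options once over a contiguous, bounded buffer, and accept MSS and window-scale values only when the option carries its expected length. The struct, function and constant names are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Kinds and fixed lengths per RFC 793 / RFC 7323; names are this example's. */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_MAXSEG = 2, OPT_WINDOW = 3 };
enum { LEN_MAXSEG = 4, LEN_WINDOW = 3 };

struct tcp_opts {
	bool have_mss, have_wscale;
	uint16_t mss;		/* host byte order */
	uint8_t wscale;
};

/*
 * Walk an options area that is already one contiguous, bounded buffer.
 * Returns false when the option framing itself is malformed.
 */
bool parse_tcp_opts(const uint8_t *cp, size_t cnt, struct tcp_opts *out)
{
	size_t optlen = 0;

	*out = (struct tcp_opts){ 0 };
	for (; cnt > 0; cnt -= optlen, cp += optlen) {
		uint8_t opt = cp[0];

		if (opt == OPT_EOL)
			break;
		if (opt == OPT_NOP) {
			optlen = 1;
			continue;
		}
		if (cnt < 2)
			return false;	/* kind byte without a length byte */
		optlen = cp[1];
		if (optlen < 2 || optlen > cnt)
			return false;	/* length would loop or overrun */
		if (opt == OPT_MAXSEG && optlen == LEN_MAXSEG) {
			out->mss = (uint16_t)((cp[2] << 8) | cp[3]);
			out->have_mss = true;
		} else if (opt == OPT_WINDOW && optlen == LEN_WINDOW) {
			out->wscale = cp[2];
			out->have_wscale = true;
		}
		/* Unexpected length or unknown kind: stepped over via optlen. */
	}
	return true;
}
```
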