svn commit: r349366 - head/sys/netpfil/ipfw

Tue, 25 Jun 2019 04:41:39 -0700 

Author: ae
Date: Tue Jun 25 11:40:37 2019
New Revision: 349366
URL: https://svnweb.freebsd.org/changeset/base/349366

Log:
  Follow the RFC 3128 and drop short TCP fragments with offset = 1.
  
  Reported by:  emaste
  MFC after:    1 week

Modified:
  head/sys/netpfil/ipfw/ip_fw2.c

Modified: head/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw2.c      Tue Jun 25 09:11:22 2019        
(r349365)
+++ head/sys/netpfil/ipfw/ip_fw2.c      Tue Jun 25 11:40:37 2019        
(r349366)
@@ -1719,6 +1719,11 @@ do {                                                     
        \
                        default:
                                break;
                        }
+               } else {
+                       if (offset == 1 && proto == IPPROTO_TCP) {
+                               /* RFC 3128 */
+                               goto pullup_failed;
+                       }
                }
 
                UPDATE_POINTERS();
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to