cvs commit: src/sys/contrib/pf/net pf.c
Daniel Hartmeier
dhartmei at FreeBSD.org
Sun Dec 5 04:15:44 PST 2004
dhartmei 2004-12-05 12:15:44 UTC
FreeBSD src repository
Modified files:
sys/contrib/pf/net pf.c
Log:
IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6
header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
the header chain. In the case where headers are skipped, the protocol
checksum verification used the wrong length (included the skipped headers),
leading to incorrectly mismatching checksums. Such IPv6 packets with
headers were silently dropped.
Discovered by: Bernhard Schmidt
MFC after: 1 week
Revision Changes Path
1.24 +6 -3 src/sys/contrib/pf/net/pf.c
More information about the cvs-src
mailing list