kern/125261: Backport OpenBSD 4.3 patch for pf re-using state
Jeremy Chadwick
koitsu at FreeBSD.org
Fri Jul 4 12:00:09 UTC 2008
>Number: 125261
>Category: kern
>Synopsis: Backport OpenBSD 4.3 patch for pf re-using state
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 04 12:00:08 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Jeremy Chadwick
>Release: FreeBSD 7.0-STABLE amd64
>Organization:
>Environment:
System: FreeBSD icarus.home.lan 7.0-STABLE FreeBSD 7.0-STABLE #0: Sat May 3 16:20:41 PDT 2008 root at icarus.home.lan:/usr/obj/usr/src/sys/PDSMI_PLUS_amd64 amd64
>Description:
OpenBSD 4.3's pf contains a sufficient workaround for a problem
where a state mismatch can occur as a result of a TCP port being
re-used (SYN) before the state table entry is removed. The change
is described here:
http://www.openbsd.org/plus43.html
* In pf(4), allow state reuse if both sides are in FIN_WAIT_2 and a new SYN arrives.
>How-To-Repeat:
n/a
>Fix:
CVS diff is here:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r2=1.559&r1=1.558&f=H
This would have to be applied to src/sys/contrib/net/pf.c, inserted at
line ~4762, for RELENG_7. I believe this can also be backported to RELENG_6.
>Release-Note:
>Audit-Trail:
>Unformatted: