svn commit: r349644 - stable/12/sys/netpfil/ipfw
Andrey V. Elsukov
ae at FreeBSD.org
Wed Jul 3 09:46:31 UTC 2019
Author: ae
Date: Wed Jul 3 09:46:30 2019
New Revision: 349644
URL: https://svnweb.freebsd.org/changeset/base/349644
Log:
MFC r349366:
Follow the RFC 3128 and drop short TCP fragments with offset = 1.
Modified:
stable/12/sys/netpfil/ipfw/ip_fw2.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/12/sys/netpfil/ipfw/ip_fw2.c Wed Jul 3 09:45:02 2019 (r349643)
+++ stable/12/sys/netpfil/ipfw/ip_fw2.c Wed Jul 3 09:46:30 2019 (r349644)
@@ -1688,6 +1688,11 @@ do { \
default:
break;
}
+ } else {
+ if (offset == 1 && proto == IPPROTO_TCP) {
+ /* RFC 3128 */
+ goto pullup_failed;
+ }
}
ip = mtod(m, struct ip *);
More information about the svn-src-all
mailing list