svn commit: r349366 - head/sys/netpfil/ipfw
Rodney W. Grimes
freebsd at gndrsh.dnsmgr.net
Tue Jun 25 13:28:20 UTC 2019
> Author: ae
> Date: Tue Jun 25 11:40:37 2019
> New Revision: 349366
> URL: https://svnweb.freebsd.org/changeset/base/349366
>
> Log:
> Follow the RFC 3128 and drop short TCP fragments with offset = 1.
>
> Reported by: emaste
> MFC after: 1 week
Can we get a counter or something so that the dropping of these
is not totally silent and invisible?
Thanks,
Rod
> Modified:
> head/sys/netpfil/ipfw/ip_fw2.c
>
> Modified: head/sys/netpfil/ipfw/ip_fw2.c
> ==============================================================================
> --- head/sys/netpfil/ipfw/ip_fw2.c Tue Jun 25 09:11:22 2019 (r349365)
> +++ head/sys/netpfil/ipfw/ip_fw2.c Tue Jun 25 11:40:37 2019 (r349366)
> @@ -1719,6 +1719,11 @@ do { \
> default:
> break;
> }
> + } else {
> + if (offset == 1 && proto == IPPROTO_TCP) {
> + /* RFC 3128 */
> + goto pullup_failed;
> + }
> }
>
> UPDATE_POINTERS();
>
>
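Review bot: In the added `else` branch, `goto pullup_failed;` sends the RFC 3128 drop to a label named for pullup failures, so in these lines a deliberate drop of a TCP fragment with `offset == 1` is indistinguishable from a failed pullup and nothing records it. Consider incrementing a dedicated counter (or logging) before the jump, and expanding the `/* RFC 3128 */` comment to state what is dropped and why (a TCP fragment with offset 1), so the reason is readable without consulting the RFC.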
--
Rod Grimes rgrimes at freebsd.org