svn commit: r349648 - stable/11/sys/netpfil/ipfw
Andrey V. Elsukov
ae at FreeBSD.org
Wed Jul 3 09:52:00 UTC 2019
Author: ae
Date: Wed Jul 3 09:51:59 2019
New Revision: 349648
URL: https://svnweb.freebsd.org/changeset/base/349648
Log:
MFC r349366:
Follow the RFC 3128 and drop short TCP fragments with offset = 1.
Modified:
stable/11/sys/netpfil/ipfw/ip_fw2.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw2.c Wed Jul 3 09:49:47 2019 (r349647)
+++ stable/11/sys/netpfil/ipfw/ip_fw2.c Wed Jul 3 09:51:59 2019 (r349648)
@@ -1686,6 +1686,11 @@ do { \
default:
break;
}
+ } else {
+ if (offset == 1 && proto == IPPROTO_TCP) {
+ /* RFC 3128 */
+ goto pullup_failed;
+ }
}
ip = mtod(m, struct ip *);
More information about the svn-src-stable-11
mailing list