subject:"svn commit\: r349654 \- in stable\: 11\/sys\/contrib\/ipfilter\/netinet 12\/sys\/contrib\/ipfilter\/netinet"

svn commit: r349654 - in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet

2019-07-03 Thread Cy Schubert

Author: cy
Date: Wed Jul  3 17:04:44 2019
New Revision: 349654
URL: https://svnweb.freebsd.org/changeset/base/349654

Log:
  MFC r349399-349400,349567-349568:
  
  Prompted by r349366, ipfilter is also does not conform to RFC 3128
  by dropping TCP fragments with offset = 1.
  
  In addition to dropping these fragments, add a DTrace probe to allow
  for more detailed monitoring and diagnosis if required.

Modified:
  stable/12/sys/contrib/ipfilter/netinet/fil.c
Directory Properties:
  stable/12/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/11/sys/contrib/ipfilter/netinet/fil.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/12/sys/contrib/ipfilter/netinet/fil.c
==
--- stable/12/sys/contrib/ipfilter/netinet/fil.cWed Jul  3 16:53:59 
2019(r349653)
+++ stable/12/sys/contrib/ipfilter/netinet/fil.cWed Jul  3 17:04:44 
2019(r349654)
@@ -1728,6 +1728,10 @@ ipf_pr_ipv4hdr(fin)
 
fi->fi_flx |= FI_FRAG;
off &= IP_OFFMASK;
+   if (off == 1 && p == IPPROTO_TCP) {
+   fin->fin_flx |= FI_SHORT;   /* RFC 3128 */
+   DT1(ipf_fi_tcp_frag_off_1, fr_info_t *, fin);
+   }
if (off != 0) {
fin->fin_flx |= FI_FRAGBODY;
off <<= 3;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r349654 - in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet

2019-07-03 Thread Cy Schubert

Author: cy
Date: Wed Jul  3 17:04:44 2019
New Revision: 349654
URL: https://svnweb.freebsd.org/changeset/base/349654

Log:
  MFC r349399-349400,349567-349568:
  
  Prompted by r349366, ipfilter is also does not conform to RFC 3128
  by dropping TCP fragments with offset = 1.
  
  In addition to dropping these fragments, add a DTrace probe to allow
  for more detailed monitoring and diagnosis if required.

Modified:
  stable/11/sys/contrib/ipfilter/netinet/fil.c
Directory Properties:
  stable/11/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/12/sys/contrib/ipfilter/netinet/fil.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/11/sys/contrib/ipfilter/netinet/fil.c
==
--- stable/11/sys/contrib/ipfilter/netinet/fil.cWed Jul  3 16:53:59 
2019(r349653)
+++ stable/11/sys/contrib/ipfilter/netinet/fil.cWed Jul  3 17:04:44 
2019(r349654)
@@ -1728,6 +1728,10 @@ ipf_pr_ipv4hdr(fin)
 
fi->fi_flx |= FI_FRAG;
off &= IP_OFFMASK;
+   if (off == 1 && p == IPPROTO_TCP) {
+   fin->fin_flx |= FI_SHORT;   /* RFC 3128 */
+   DT1(ipf_fi_tcp_frag_off_1, fr_info_t *, fin);
+   }
if (off != 0) {
fin->fin_flx |= FI_FRAGBODY;
off <<= 3;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r349654 - in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet

svn commit: r349654 - in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet

2 matches

Site Navigation

Mail list logo

Footer information