Page MenuHomeFreeBSD

pf: limit how many headers we look at
ClosedPublic

Authored by kp on Jun 3 2025, 12:48 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Sep 27, 2:14 AM
Unknown Object (File)
Tue, Sep 16, 12:45 PM
Unknown Object (File)
Fri, Sep 12, 2:09 AM
Unknown Object (File)
Aug 26 2025, 9:52 AM
Unknown Object (File)
Aug 26 2025, 8:05 AM
Unknown Object (File)
Aug 26 2025, 6:25 AM
Unknown Object (File)
Aug 26 2025, 3:26 AM
Unknown Object (File)
Aug 20 2025, 5:12 AM

Details

Reviewers
None
Group Reviewers
pfsense
Commits
rGdda88af8fa4e: pf: limit how many headers we look at
Summary

Limit the nested header chain for IPv6 extensions headers and for
authentication headers in the IPv4 case. This prevents spending
excessive cpu time on crafted packets.
OK henning@

Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 2e5bc81177
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable