Diffusion FreeBSD src repository 07ed2396985f

pf: make TCP sequence number tracking less strict by one octet for FIN packets
07ed2396985f
Actions

Description

pf: make TCP sequence number tracking less strict by one octet for FIN packets

The data of a TCP packet must fit into the announced window, but this is not
required for the sequence number of the FIN. A packet with the FIN bit set and
containing data that fits exactly into the announced window was blocked. Our
stack generates such packets when the receive buffer size is set to 1024. Now
pf uses only the data lenght for window comparison.
OK henning@

Obtained From: OpenBSD
Sponsored by: Rubicon Communications, LLC ("Netgate")

Details

Provenance

kp	Authored on Wed, Jun 12, 6:05 PM

Parents

rG20a2fe68faac: pf: correctly reset max_win if the SYN-ACK lacks a wscale option.

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rG07ed2396985f: pf: make TCP sequence number tracking less strict by one octet for FIN packets (authored by kp).Wed, Jun 12, 9:33 PM

Changes (1)

Path

Size

sys/

netpfil/

pf/

pf.c

rG07ed2396985f

View Options