Diffusion FreeBSD src repository 45e256e24c97

pf: remove incorrect fragmentation check
45e256e24c97
Actions

Description

pf: remove incorrect fragmentation check

We do not need to check PFDESC_IP_REAS while tracking TCP state.
Moreover, this check incorrectly considers no-data packets (e.g. RST) to
be in-window when this flag is not set.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Approved by: so
Security: FreeBSD-SA-23:17.pf

(cherry picked from commit 6284d5f76d6bd2d97fe287c5adabf59c79688eda)
(cherry picked from commit ee1d1e38fae65d045b113a7053651bbd7b780e1d)

Details

Provenance

kp	Authored on Nov 29 2023, 6:06 PM
markj	Committed on Dec 5 2023, 6:28 PM

Parents

rG6d94fc2b0db9: compiler-rt: avoid segfaults when re-exec'ing with ASLR

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rG45e256e24c97: pf: remove incorrect fragmentation check (authored by kp).Dec 5 2023, 6:28 PM

Changes (1)

Path

Size

sys/

netpfil/

pf/

pf.c

rG45e256e24c97

View Options