Message-Id: <200708230930.l7N9Uwqk078621@repoman.freebsd.org>
From: Daniel Hartmeier
Date: Thu, 23 Aug 2007 09:30:58 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/contrib/pf/net pf.c

dhartmei    2007-08-23 09:30:58 UTC

  FreeBSD src repository

  Modified files:
    sys/contrib/pf/net   pf.c
  Log:
  When checking the sequence number of a TCP header embedded in an
  ICMP error message, do not access th_flags. The field is beyond
  the first eight bytes of the header that are required to be present
  and were pulled up in the mbuf.

  A random value of th_flags can have TH_SYN set, which made the
  sequence number comparison not apply the window scaling factor,
  which led to legitimate ICMP(v6) packets getting blocked with
  "BAD ICMP" debug log messages (if enabled with pfctl -xm), thus
  breaking PMTU discovery.

  Triggering the bug requires TCP window scaling to be enabled
  (sysctl net.inet.tcp.rfc1323, enabled by default) on both
  end-points of the TCP connection. Large scaling factors increase
  the probability of triggering the bug.

  PR:           kern/115413: [ipv6] ipv6 pmtu not working
  Tested by:    Jacek Zapala
  Reviewed by:  mlaier
  Approved by:  re (kensmith)

  Revision  Changes    Path
  1.46      +1 -2      src/sys/contrib/pf/net/pf.c
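
The check described in the log above, as an added example that is not code from pf or from this commit: it validates the sequence number of a TCP header quoted in an ICMP error using only the eight guaranteed bytes, and shows how dropping the scaling factor rejects a legitimate packet. The `struct peer` layout, the simplified window test, the function names and the sample values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EMBEDDED_TCP_LEN 8  /* ports + sequence number: all an ICMP error must quote */
#define SEQ_GEQ(a, b) ((int32_t)((a) - (b)) >= 0)  /* wrap-safe sequence compare */

/* Hypothetical, simplified per-peer tracking state (not pf's own structure). */
struct peer { uint32_t seqlo, seqhi; uint16_t max_win; uint8_t wscale; };

/* Simplified window test: seq may lag seqlo by at most max_win << dws. */
int seq_in_window(uint32_t seq, const struct peer *src,
                  const struct peer *dst, uint8_t dws)
{
    uint32_t back = (uint32_t)dst->max_win << dws;
    return SEQ_GEQ(src->seqhi, seq) && SEQ_GEQ(seq, src->seqlo - back);
}

/* Reads bytes 0..7 only; th_flags (offset 13) may not be present and is
 * never consulted. Returns 1 = accept, 0 = reject, -1 = quote too short. */
int check_embedded(const uint8_t *tcp, size_t len,
                   const struct peer *src, const struct peer *dst)
{
    if (len < EMBEDDED_TCP_LEN)
        return -1;
    uint32_t seq = (uint32_t)tcp[4] << 24 | (uint32_t)tcp[5] << 16 |
                   (uint32_t)tcp[6] << 8 | (uint32_t)tcp[7];
    /* Scaling applies whenever both peers negotiated it. */
    uint8_t dws = (src->wscale && dst->wscale) ? dst->wscale : 0;
    return seq_in_window(seq, src, dst, dws);
}

/* Constructed sample: both peers use wscale 7; the quoted segment has
 * seq 800000, which is 200000 bytes behind the sender's seqlo. */
static const struct peer SRC = { 1000000u, 1000100u, 65535, 7 };
static const struct peer DST = { 5000u, 5100u, 65535, 7 };
static const uint8_t QUOTED[8] = { 0xC0, 0x00, 0x00, 0x50, 0x00, 0x0C, 0x35, 0x00 };

int demo_scaled(void)    { return check_embedded(QUOTED, sizeof QUOTED, &SRC, &DST); }
int demo_unscaled(void)  { return seq_in_window(800000u, &SRC, &DST, 0); }
int demo_truncated(void) { return check_embedded(QUOTED, 7, &SRC, &DST); }

int main(void)
{
    printf("scaled=%d unscaled=%d truncated=%d\n",
           demo_scaled(), demo_unscaled(), demo_truncated());
    return 0;
}
```

`demo_unscaled` models the effect the log attributes to a stray TH_SYN bit: with the shift forced to zero, the same in-window sequence number falls outside the accepted range.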