Date:      Fri,  4 Jul 2008 04:44:59 -0700 (PDT)
From:      Jeremy Chadwick <koitsu@FreeBSD.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/125261: Backport OpenBSD 4.3 patch for pf re-using state
Message-ID:  <20080704114459.2A96A17B833@icarus.home.lan>
Resent-Message-ID: <200807041200.m64C081T065392@freefall.freebsd.org>


>Number:         125261
>Category:       kern
>Synopsis:       Backport OpenBSD 4.3 patch for pf re-using state
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 04 12:00:08 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Jeremy Chadwick
>Release:        FreeBSD 7.0-STABLE amd64
>Organization:
>Environment:
System: FreeBSD icarus.home.lan 7.0-STABLE FreeBSD 7.0-STABLE #0: Sat May 3 16:20:41 PDT 2008 root@icarus.home.lan:/usr/obj/usr/src/sys/PDSMI_PLUS_amd64 amd64
>Description:
	OpenBSD 4.3's pf contains a sufficient workaround for a problem
	where a state mismatch can occur as a result of a TCP port being
	re-used (SYN) before the state table entry is removed.  The change
	is described here:

	http://www.openbsd.org/plus43.html

	* In pf(4), allow state reuse if both sides are in FIN_WAIT_2 and a new SYN arrives.

>How-To-Repeat:
	n/a
>Fix:
	CVS diff is here:

	http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r2=1.559&r1=1.558&f=H

	This would have to be applied to src/sys/contrib/net/pf.c, inserted at
	line ~4762, for RELENG_7.  I believe this can also be backported to RELENG_6.
>Release-Note:
>Audit-Trail:
>Unformatted:
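
A simplified model of the state-reuse rule quoted in the Description, added here as an illustration. It is not code from the original message, from OpenBSD, or from FreeBSD's pf. All type and function names are hypothetical, the packet and state values are constructed, and sequence tracking is reduced to an exact match.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is a model, not pf's data structures. */
enum peer_state { ESTABLISHED, FIN_WAIT_2 };
enum verdict { PASS, DROP_STATE_MISMATCH, REUSE_STATE };

#define F_SYN 0x02
#define F_ACK 0x10

struct state_entry {
    enum peer_state src, dst; /* per-side TCP state tracked by the filter */
    uint32_t next_seq;        /* sequence number expected from src (simplified) */
};

struct packet {
    uint8_t flags;
    uint32_t seq;
};

/* Verdict for a packet whose addresses and ports match an existing entry. */
enum verdict check_packet(const struct state_entry *st, const struct packet *p,
                          bool allow_reuse)
{
    bool pure_syn = (p->flags & (F_SYN | F_ACK)) == F_SYN;

    /* Rule from the page: both sides in FIN_WAIT_2 and a new SYN arrives. */
    if (allow_reuse && pure_syn &&
        st->src == FIN_WAIT_2 && st->dst == FIN_WAIT_2)
        return REUSE_STATE;

    /* Otherwise the packet must fit the old connection's tracking. */
    if (p->seq != st->next_seq)
        return DROP_STATE_MISMATCH;
    return PASS;
}

int main(void)
{
    /* Constructed sample: closed connection still in the table, port reused. */
    struct state_entry old = { FIN_WAIT_2, FIN_WAIT_2, 1000 };
    struct packet new_syn = { F_SYN, 424242 };

    printf("without reuse: %d\n", check_packet(&old, &new_syn, false));
    printf("with reuse:    %d\n", check_packet(&old, &new_syn, true));
    return 0;
}
```

In this model the reuse path is limited to a SYN without ACK on an entry where both sides are in FIN_WAIT_2, so a SYN that matches a live entry still goes through the normal mismatch check.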


