Date: Mon, 11 Jun 2001 11:21:32 -0700 (PDT) From: Hajimu UMEMOTO <ume@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_input.c Message-ID: <200106111821.f5BILXw03785@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
ume 2001/06/11 11:21:32 PDT
Modified files:
sys/netinet ip_input.c
Log:
This is force commit to mention about previous commit.
- (possible) remote kernel panic fix - out of bounds access on
ill-formed ipopt.
- strict boundary check on ipopt.
- make sure to enforce inbound IPsec policy on all final header.
- add missing ipcomp entry from ipprotosw.
- 127/8 must not appear on wire - RFC1122.
this is rather important as we use weak host model, so outsider
can abuse 127.0.0.1 from outside.
- introduce ipstat.ips_badaddr
- use ipsec_gethist() to prevent packet filters from looking at
decapulated packets.
- remove duplicate 127.0.0.0/8 checking.
Revision Changes Path
1.172 +1 -1 src/sys/netinet/ip_input.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106111821.f5BILXw03785>