Date: Thu, 13 Feb 2025 12:38:59 GMT
Message-Id: <202502131238.51DCcx6a075403@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: c11d317a8bd6 - main - pf: do not reset the fragment timeout each time a fragment arrives
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c11d317a8bd60d93d3c3ced765071f468adacd69
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=c11d317a8bd60d93d3c3ced765071f468adacd69

commit c11d317a8bd60d93d3c3ced765071f468adacd69
Author: Kristof Provost
AuthorDate: 2025-02-10 09:31:32 +0000
Commit: Kristof Provost
CommitDate: 2025-02-13 12:38:43 +0000

    pf: do not reset the fragment timeout each time a fragment arrives

    Start the expire counter when the queue is created by the first fragment
    and drop it if the packet could not be reassembled within 60 seconds.

    Reported by Antonios Atlasis; OK henning@ deraadt@

    Obtained from: OpenBSD, bluhm , 4697a20621
    Sponsored by: Rubicon Communications, LLC ("Netgate")

--- sys/netpfil/pf/pf.h | 2 +- sys/netpfil/pf/pf_norm.c | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/sys/netpfil/pf/pf.h b/sys/netpfil/pf/pf.h index 01c1abc54602..45652f174884 100644 --- a/sys/netpfil/pf/pf.h +++ b/sys/netpfil/pf/pf.h
@@ -113,7 +113,7 @@ enum { #define PFTM_OTHER_FIRST_PACKET_VAL 60 /* First packet */ #define PFTM_OTHER_SINGLE_VAL 30 /* Unidirectional */ #define PFTM_OTHER_MULTIPLE_VAL 60 /* Bidirectional */ -#define PFTM_FRAG_VAL 30 /* Fragment expire */ +#define PFTM_FRAG_VAL 60 /* Fragment expire */ #define PFTM_INTERVAL_VAL 10 /* Expire interval */ #define PFTM_SRC_NODE_VAL 0 /* Source tracking */ #define PFTM_TS_DIFF_VAL 30 /* Allowed TS diff */ diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 6546f8684a68..57b9549df5e0 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -306,8 +306,6 @@ pf_find_fragment(struct pf_fragment_cmp *key, struct pf_frag_tree *tree) frag = RB_FIND(pf_frag_tree, tree, (struct pf_fragment *)key); if (frag != NULL) { - /* XXX Are we sure we want to update the timeout? */ - frag->fr_timeout = time_uptime; TAILQ_REMOVE(&V_pf_fragqueue, frag, frag_next); TAILQ_INSERT_HEAD(&V_pf_fragqueue, frag, frag_next); }
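
Review bot: In the pf.h hunk, the comment on `PFTM_FRAG_VAL` still reads `/* Fragment expire */`, although together with the pf_norm.c change the value now bounds the whole reassembly from the first fragment instead of the gap since the most recent one. Suggest saying so in the comment, for example `/* Fragment expire, counted from first fragment */`, so the move from 30 to 60 reads as a hard deadline and not a longer idle window. The diffstat lists only pf.h and pf_norm.c, so any documentation that states the 30-second default is not touched by this commit and should be checked.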
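
Review bot: In the pf_norm.c hunk, `pf_find_fragment()` drops the `fr_timeout` refresh but keeps the `TAILQ_REMOVE` / `TAILQ_INSERT_HEAD` pair, so `V_pf_fragqueue` is still reordered by last lookup while `fr_timeout` now records only when the queue entry was created. The expiry code is not part of this diff; if it walks the queue from the tail and stops at the first entry that has not yet timed out, an old entry that was recently moved to the head is purged late whenever younger entries sit behind it, which weakens the 60-second bound the commit message promises. Please confirm how the purge path iterates, and add a short comment at the reinsert stating what the queue order is still used for now that it no longer matches timeout order.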