Date: Tue, 25 Jun 2019 06:28:18 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: "Andrey V. Elsukov" <ae@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r349366 - head/sys/netpfil/ipfw Message-ID: <201906251328.x5PDSIZV049620@gndrsh.dnsmgr.net> In-Reply-To: <201906251140.x5PBectm030416@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Author: ae > Date: Tue Jun 25 11:40:37 2019 > New Revision: 349366 > URL: https://svnweb.freebsd.org/changeset/base/349366 > > Log: > Follow the RFC 3128 and drop short TCP fragments with offset = 1. > > Reported by: emaste > MFC after: 1 week Can we get a counter or something so that the dropping of these is not totally silent and invisible? Thanks, Rod > Modified: > head/sys/netpfil/ipfw/ip_fw2.c > > Modified: head/sys/netpfil/ipfw/ip_fw2.c > ============================================================================== > --- head/sys/netpfil/ipfw/ip_fw2.c Tue Jun 25 09:11:22 2019 (r349365) > +++ head/sys/netpfil/ipfw/ip_fw2.c Tue Jun 25 11:40:37 2019 (r349366) > @@ -1719,6 +1719,11 @@ do { \ > default: > break; > } > + } else { > + if (offset == 1 && proto == IPPROTO_TCP) { > + /* RFC 3128 */ > + goto pullup_failed; > + } > } > > UPDATE_POINTERS(); > > -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201906251328.x5PDSIZV049620>