Hi
I'm just wondering if I can interest anyone in an IPFW PR with a tested
patch, which I submitted a few weeks ago.
http://www.freebsd.org/cgi/query-pr.cgi?pr=145733
The flaws that the patch fixes:
- Rejection of packets with an IPv6 Fragmentation header if the packet
is not actually fragmented (offset and mf both zero). This type of
packet is allowed by RFC 2460.
- Rejection of fragments with offset != 0 if they are small (because
the code tries to pullup a transport layer header which isn't there)
- No check of the transport layer fields with for the first fragment
offset zero because the mf bit is masked into the offset field.
I'm happy to address any concerns with the patch if there are any.
Thanks,
Matthew
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"
