Le 07/04/2018 à 23:28, Christos Zoulas a écrit :
In article <20180407090627.20058f...@cvs.netbsd.org>,
Maxime Villard <source-changes-d@NetBSD.org> wrote:

Module Name:    src
Committed By:   maxv
Date:           Sat Apr  7 09:06:27 UTC 2018

Modified Files:
        src/sys/net/npf: npf_inet.c

Log Message:
Rewrite npf_fetch_tcpopts:

* Instead of doing several nbuf_advance/nbuf_ensure_contig and
   playing with gotos, fetch the TCP options only once, and iterate over
   the (safe) area. The code is similar to tcp_dooptions.

* When handling TCPOPT_MAXSEG and TCPOPT_WINDOW, ensure the length is
   the one we're expecting. If it isn't, then skip the option. This
   wasn't done before, and not doing it allowed a packet to bypass the
   max-mss clamping procedure. Discussed on tech-net@.

This seems to break

cvs -d cvs.netbsd.org:/cvsroot diff, with write via ssh returning


My bad (again).

Seems like the TCP code is getting me confused all the time.

Reply via email to