Le 07/04/2018 à 23:28, Christos Zoulas a écrit :
In article <20180407090627.20058f...@cvs.netbsd.org>,
Maxime Villard <source-changes-d@NetBSD.org> wrote:
-=-=-=-=-=-
Module Name: src
Committed By: maxv
Date: Sat Apr 7 09:06:27 UTC 2018
Modified Files:
src/sys/net/npf: npf_inet.c
Log Message:
Rewrite npf_fetch_tcpopts:
* Instead of doing several nbuf_advance/nbuf_ensure_contig and
playing with gotos, fetch the TCP options only once, and iterate over
the (safe) area. The code is similar to tcp_dooptions.
* When handling TCPOPT_MAXSEG and TCPOPT_WINDOW, ensure the length is
the one we're expecting. If it isn't, then skip the option. This
wasn't done before, and not doing it allowed a packet to bypass the
max-mss clamping procedure. Discussed on tech-net@.
This seems to break
cvs -d cvs.netbsd.org:/cvsroot diff, with write via ssh returning
ENETUNREACH.
christos
My bad (again).
Seems like the TCP code is getting me confused all the time.
