CVSROOT: /cvs Module name: src Changes by: [email protected] 2016/11/21 10:52:20
Modified files:
sys/net : pf_norm.c
Log message:
Follow RFC 5722 more strictly when handling overlapping fragments
in pf. Drop the whole fragment state if IPv6 fragments appear which
have invalid length or fragment-offset or more-fragment-bit. In
IPv4 they are considered invalid and just dropped like before.
Found by Antonios Atlasis; OK sashan@ sthen@
