> Author: ae
> Date: Tue Jun 25 11:40:37 2019
> New Revision: 349366
> URL: https://svnweb.freebsd.org/changeset/base/349366
>
> Log:
> Follow the RFC 3128 and drop short TCP fragments with offset = 1.
>
> Reported by: emaste
> MFC after: 1 week
Can we get a counter or something so that the dropping of these
is not totally silent and invisible?
Thanks,
Rod
> Modified:
> head/sys/netpfil/ipfw/ip_fw2.c
>
> Modified: head/sys/netpfil/ipfw/ip_fw2.c
> ==============================================================================
> --- head/sys/netpfil/ipfw/ip_fw2.c Tue Jun 25 09:11:22 2019
> (r349365)
> +++ head/sys/netpfil/ipfw/ip_fw2.c Tue Jun 25 11:40:37 2019
> (r349366)
> @@ -1719,6 +1719,11 @@ do {
> \
> default:
> break;
> }
> + } else {
> + if (offset == 1 && proto == IPPROTO_TCP) {
> + /* RFC 3128 */
> + goto pullup_failed;
> + }
> }
>
> UPDATE_POINTERS();
>
>
--
Rod Grimes [email protected]
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
