Date: Sun, 5 Dec 2004 12:15:44 +0000 (UTC) From: Daniel Hartmeier <dhartmei@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/contrib/pf/net pf.c Message-ID: <200412051215.iB5CFih3079761@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
dhartmei 2004-12-05 12:15:44 UTC
FreeBSD src repository
Modified files:
sys/contrib/pf/net pf.c
Log:
IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6
header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
the header chain. In the case where headers are skipped, the protocol
checksum verification used the wrong length (included the skipped headers),
leading to incorrectly mismatching checksums. Such IPv6 packets with
headers were silently dropped.
Discovered by: Bernhard Schmidt
MFC after: 1 week
Revision Changes Path
1.24 +6 -3 src/sys/contrib/pf/net/pf.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412051215.iB5CFih3079761>