Date: Thu, 23 Aug 2007 09:30:58 +0000 (UTC) From: Daniel Hartmeier <dhartmei@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/contrib/pf/net pf.c Message-ID: <200708230930.l7N9Uwqk078621@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
dhartmei 2007-08-23 09:30:58 UTC
FreeBSD src repository
Modified files:
sys/contrib/pf/net pf.c
Log:
When checking the sequence number of a TCP header embedded in an
ICMP error message, do not access th_flags. The field is beyond
the first eight bytes of the header that are required to be present
and were pulled up in the mbuf.
A random value of th_flags can have TH_SYN set, which made the
sequence number comparison not apply the window scaling factor,
which led to legitimate ICMP(v6) packets getting blocked with
"BAD ICMP" debug log messages (if enabled with pfctl -xm), thus
breaking PMTU discovery.
Triggering the bug requires TCP window scaling to be enabled
(sysctl net.inet.tcp.rfc1323, enabled by default) on both end-
points of the TCP connection. Large scaling factors increase
the probability of triggering the bug.
PR: kern/115413: [ipv6] ipv6 pmtu not working
Tested by: Jacek Zapala
Reviewed by: mlaier
Approved by: re (kensmith)
Revision Changes Path
1.46 +1 -2 src/sys/contrib/pf/net/pf.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200708230930.l7N9Uwqk078621>