d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
720fee0674
freebsd-dev/sys/netinet/ipfw
History
Bjoern A. Zeeb 720fee0674 ipfw internally checks for offset == 0 to determine whether the 
packet is a/the first fragment or not.  For IPv6 we have added the
"more fragments" flag as well to be able to determine on whether
there will be more as we do not have the fragment header avaialble
for logging, while for IPv4 this information can be derived directly
from the IPv4 header.  This allowed fragmented packets to bypass
normal rules as proper masking was not done when checking offset.
Split variables to not need masking for IPv6 to avoid further errors.

PR:		kern/145733
Submitted by:	Matthew Luckie (mjl luckie.org.nz)
MFC after:	2 weeks
Approved by:	re (kib)
2011-08-20 13:17:47 +00:00
..
test Add a priority-based packet scheduler. 2010-03-21 16:30:32 +00:00
dn_heap.c fix a comment and final empty line 2010-07-15 14:37:02 +00:00
dn_heap.h don't use C++ keywords as variable names 2010-03-08 11:27:08 +00:00
dn_sched_fifo.c Bring in the most recent version of ipfw and dummynet, developed 2010-03-02 17:40:48 +00:00
dn_sched_prio.c Add a priority-based packet scheduler. 2010-03-21 16:30:32 +00:00
dn_sched_qfq.c Whitespace changes to reduce diffs wrt the most recent ipfw/dummynet code: 2010-09-28 22:46:13 +00:00
dn_sched_rr.c whitespace fixes (trailing whitespace, bad indentation 2010-04-19 16:17:30 +00:00
dn_sched_wf2q.c whitespace changes in preparation for future commits 2010-09-29 09:40:20 +00:00
dn_sched.h whitespace changes in preparation for future commits 2010-09-29 09:40:20 +00:00
dummynet.txt Bring in the most recent version of ipfw and dummynet, developed 2010-03-02 17:40:48 +00:00
ip_dn_glue.c Convert delay parameter back to ms when reporting to user. 2011-05-06 07:13:34 +00:00
ip_dn_io.c Do not use SET_HOST_IPLEN() macro for IPv6 packets. 2011-06-21 06:06:47 +00:00
ip_dn_private.h Whitespace changes to reduce diffs wrt the most recent ipfw/dummynet code: 2010-09-28 22:46:13 +00:00
ip_dummynet.c Hide some debug messages under debug macro. 2011-06-01 12:33:05 +00:00
ip_fw2.c ipfw internally checks for offset == 0 to determine whether the 2011-08-20 13:17:47 +00:00
ip_fw_dynamic.c Hide useless warning under debug macro. 2011-06-01 12:05:35 +00:00
ip_fw_log.c Add new rule actions "call" and "return" to ipfw. They make 2011-06-29 10:06:58 +00:00
ip_fw_nat.c Implement "global" mode for ipfw nat. It is similar to natd(8) 2011-06-14 13:35:24 +00:00
ip_fw_pfil.c Add possibility to pass IPv6 packets to a divert(4) socket. 2011-06-27 12:21:11 +00:00
ip_fw_private.h - Rewrite functions that copyin/out NAT configuration, so that they 2011-04-19 15:06:33 +00:00
ip_fw_sockopt.c Add new rule actions "call" and "return" to ipfw. They make 2011-06-29 10:06:58 +00:00
ip_fw_table.c no need for ipfw_flush_tables(), we just need ipfw_destroy_tables() 2010-03-21 15:54:07 +00:00