freebsd-dev/sys/contrib
Daniel Hartmeier 7f368082ad
When checking the sequence number of a TCP header embedded in an
ICMP error message, do not access th_flags. The field is beyond
the first eight bytes of the header that are required to be present
and were pulled up in the mbuf.

A random value of th_flags can have TH_SYN set, which made the
sequence number comparison not apply the window scaling factor,
which led to legitimate ICMP(v6) packets getting blocked with
"BAD ICMP" debug log messages (if enabled with pfctl -xm), thus
breaking PMTU discovery.

Triggering the bug requires TCP window scaling to be enabled
(sysctl net.inet.tcp.rfc1323, enabled by default) on both endpoints
of the TCP connection. Large scaling factors increase
the probability of triggering the bug.

PR:		kern/115413: [ipv6] ipv6 pmtu not working
Tested by:	Jacek Zapala
Reviewed by:	mlaier
Approved by:	re (kensmith)
2007-08-23 09:30:58 +00:00
altq/altq Fix a bug where the callout might not be initialized before being used. 2007-07-12 17:00:51 +00:00
dev This commit was generated by cvs2svn to compensate for changes in r168616, 2007-04-11 11:09:18 +00:00
ia64/libuwx Apply local modifications to make Unwind Express BETA 10 buildable and 2006-07-07 23:56:34 +00:00
ipfilter/netinet Pointer to an ICMP header was getting left behind after doing a pullup. 2007-06-09 09:28:36 +00:00
ngatm This commit was generated by cvs2svn to compensate for changes in r171364, 2007-07-11 14:41:54 +00:00
opensolaris Update assertion after revision 1.23. 2007-07-24 15:00:43 +00:00
pf When checking the sequence number of a TCP header embedded in an 2007-08-23 09:30:58 +00:00