freebsd-dev

History

Kristof Provost d47023236c pf: Limit the maximum number of fragments per packet Similar to the network stack issue fixed in r337782 pf did not limit the number of fragments per packet, which could be exploited to generate high CPU loads with a crafted series of packets. Limit each packet to no more than 64 fragments. This should be sufficient on typical networks to allow maximum-sized IP frames. This addresses the issue for both IPv4 and IPv6. MFC after: 3 days Security: CVE-2018-5391 Sponsored by: Klara Systems	2018-08-17 15:00:10 +00:00
..
ipfw	Fix a typo in comment.	2018-08-15 16:36:29 +00:00
pf	pf: Limit the maximum number of fragments per packet	2018-08-17 15:00:10 +00:00

Kristof Provost d47023236c pf: Limit the maximum number of fragments per packet

Similar to the network stack issue fixed in r337782 pf did not limit the number
of fragments per packet, which could be exploited to generate high CPU loads
with a crafted series of packets.

Limit each packet to no more than 64 fragments. This should be sufficient on
typical networks to allow maximum-sized IP frames.

This addresses the issue for both IPv4 and IPv6.

MFC after:	3 days
Security:	CVE-2018-5391
Sponsored by:	Klara Systems

2018-08-17 15:00:10 +00:00

ipfw

Fix a typo in comment.

2018-08-15 16:36:29 +00:00

pf: Limit the maximum number of fragments per packet

2018-08-17 15:00:10 +00:00