freebsd-nq/sys/netpfil
Kristof Provost d47023236c pf: Limit the maximum number of fragments per packet
Similar to the network stack issue fixed in r337782 pf did not limit the number
of fragments per packet, which could be exploited to generate high CPU loads
with a crafted series of packets.

Limit each packet to no more than 64 fragments. This should be sufficient on
typical networks to allow maximum-sized IP frames.

This addresses the issue for both IPv4 and IPv6.

MFC after:	3 days
Security:	CVE-2018-5391
Sponsored by:	Klara Systems
2018-08-17 15:00:10 +00:00
..
ipfw Fix a typo in comment. 2018-08-15 16:36:29 +00:00
pf pf: Limit the maximum number of fragments per packet 2018-08-17 15:00:10 +00:00