freebsd-nq/sys
Daniel Hartmeier 7f368082ad
When checking the sequence number of a TCP header embedded in an
ICMP error message, do not access th_flags. The field is beyond
the first eight bytes of the header that are required to be present
and were pulled up in the mbuf.

A random value of th_flags can have TH_SYN set, which made the
sequence number comparison not apply the window scaling factor,
which led to legitimate ICMP(v6) packets getting blocked with
"BAD ICMP" debug log messages (if enabled with pfctl -xm), thus
breaking PMTU discovery.

Triggering the bug requires TCP window scaling to be enabled
(sysctl net.inet.tcp.rfc1323, enabled by default) on both
endpoints of the TCP connection. Large scaling factors increase
the probability of triggering the bug.

PR:		kern/115413: [ipv6] ipv6 pmtu not working
Tested by:	Jacek Zapala
Reviewed by:	mlaier
Approved by:	re (kensmith)
2007-08-23 09:30:58 +00:00
amd64 Assign sizes to assembly language support functions. 2007-08-22 05:06:14 +00:00
arm Just wbinv if both PREREAD and PREWRITE are set. 2007-08-18 16:47:28 +00:00
boot Don't pass RB_BOOTINFO to the kernel. There's no bootinfo actually 2007-08-17 18:22:31 +00:00
bsm Merge OpenBSM 1.0 alpha 15 changes to src/sys/bsm: 2007-07-22 12:28:13 +00:00
cam Do not forget to cam_periph_unhold the peripheral before exiting 2007-07-21 18:07:45 +00:00
cddl Some ZFS threads need stack larger than the default 8kB, so use 16kB of 2007-08-16 20:33:20 +00:00
compat Some ZFS threads need stack larger than the default 8kB, so use 16kB of 2007-08-16 20:33:20 +00:00
conf Add a driver for the on-die digital thermal sensor found on Intel Core 2007-08-15 19:26:03 +00:00
contrib When checking the sequence number of a TCP header embedded in an 2007-08-23 09:30:58 +00:00
crypto Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC 2007-07-03 12:13:45 +00:00
ddb
dev - Fix a bug which could cause a panic when enabling LRO 2007-08-22 13:22:12 +00:00
fs MFp4: rework tmpfs_readdir() logic in terms of correctness. 2007-08-16 11:00:07 +00:00
gdb Add kdb_cpu_sync_icache(), intended to synchronize instruction 2007-06-09 21:55:17 +00:00
geom Have gpart synthesize a disk geometry if the underlying provider 2007-06-17 22:19:19 +00:00
gnu Some time ago, vfs_getopts() was changed, so that it would set error to 2007-08-20 15:33:22 +00:00
i4b I4B header files were repo-copied from sys/i386/include/ to 2007-07-06 07:17:22 +00:00
i386 Assign sizes to assembly language support functions. 2007-08-22 05:06:14 +00:00
ia64 Clear pending interrupts before we enable external interrupts. 2007-08-06 05:15:57 +00:00
isa It seems that some i386 motherboards either do not implement the 2007-07-27 09:34:42 +00:00
kern Destroy the kaio_mtx on freeing the struct kaioinfo in the 2007-08-20 11:53:26 +00:00
libkern Unbreak high resolution profiling a little: use dummy asms to prevent 2007-06-13 06:17:48 +00:00
modules Add a driver for the on-die digital thermal sensor found on Intel Core 2007-08-15 19:26:03 +00:00
net If the STP state machine is stopped then clear the bridge-id and root-id. 2007-08-18 12:06:13 +00:00
net80211 In add_channel(), search 11g channels if mode is AUTO and corresponding 2007-07-20 11:38:12 +00:00
netatalk Mark wire data structures in netatalk as __packed so that they are 2007-06-28 12:54:58 +00:00
netatm Disconnect netatm from the build as it is not MPSAFE and relies on 2007-07-14 21:49:24 +00:00
netgraph Add ng_send_fn() error handling inside ng_con_nodes(). 2007-08-18 11:59:17 +00:00
netinet - Remove extra comment for 7.0 (no GIANT here). 2007-08-16 01:51:22 +00:00
netinet6 Rename option IPSEC_FILTERGIF to IPSEC_FILTERTUNNEL. 2007-08-05 16:16:15 +00:00
netipsec Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
netipx Make tcpstates[] static, and make sure TCPSTATES is defined before 2007-07-30 11:06:42 +00:00
netnatm s/destory/destroy/ (except for the code in contrib/). 2007-04-16 12:31:35 +00:00
netncp Commit 14/14 of sched_lock decomposition. 2007-06-05 00:00:57 +00:00
netsmb Fixing the mount_smbfs(8) hanging by utilising the destroy_dev_sched() KPI. 2007-07-10 09:23:10 +00:00
nfs
nfs4client - Move rusage from being per-process in struct pstats to per-thread in 2007-06-01 01:12:45 +00:00
nfsclient Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
nfsserver Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
opencrypto Quiet warnings. These do not appear to be actually used uninitialized, 2007-07-05 06:59:14 +00:00
pc98 Mfi386 revision 1.239 of src/sys/i386/isa/clock.c. Seemingly some 2007-07-29 20:16:48 +00:00
pccard
pci Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
powerpc Revamp the interrupt handling in support of INTR_FILTER. This includes: 2007-08-11 19:25:32 +00:00
rpc Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
security Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
sparc64 - Divorce the IOTSBs, which so far were handled via a global list 2007-08-05 11:56:44 +00:00
sun4v Fix warning - add missing #include 2007-07-06 00:41:53 +00:00
sys Regenerate. 2007-08-16 05:32:26 +00:00
tools Catch up with ACPI-CA 20070320 import. 2007-03-22 18:16:43 +00:00
ufs Perform range check before allocating memory when reading 2007-07-13 18:51:08 +00:00
vm Do not drop vm_map lock between doing vm_map_remove() and vm_map_insert(). 2007-08-20 12:05:45 +00:00
Makefile Complete repo-copy and move of Coda from src/sys/coda to src/sys/fs/coda 2007-07-12 21:04:58 +00:00