Diffusion FreeBSD src repository 0415f0554b72

pf: remove incorrect fragmentation check
0415f0554b72
Actions

Description

pf: remove incorrect fragmentation check

We do not need to check PFDESC_IP_REAS while tracking TCP state.
Moreover, this check incorrectly considers no-data packets (e.g. RST) to
be in-window when this flag is not set.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Approved by: so
Security: FreeBSD-SA-23:17.pf

(cherry picked from commit 6284d5f76d6bd2d97fe287c5adabf59c79688eda)

Details

Provenance

kp	Authored on Nov 29 2023, 6:06 PM
markj	Committed on Dec 5 2023, 6:25 PM

Parents

rG2e6541b943ef: rc.conf(5): add <service>_umask to run the service using this value

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rG0415f0554b72: pf: remove incorrect fragmentation check (authored by kp).Dec 5 2023, 6:25 PM

markj mentioned this in rG1f8724dd18b0: pf: remove incorrect fragmentation check.Dec 5 2023, 6:34 PM

markj mentioned this in rGf0327f9d86aa: pf: remove incorrect fragmentation check.Dec 5 2023, 6:38 PM

Changes (1)

Path

Size

sys/

netpfil/

pf/

pf.c

rG0415f0554b72

View Options