Hosting Provided By

CVS: cvs.openbsd.org: src

From: Daniel Hartmeier <dhartmei(at)cvs.openbsd.org>
Date: Fri Jan 31 2003 - 14:22:11 EST

CVSROOT:	/cvs
Module name:	src
Changes by:	dhartmei@cvs.openbsd.org	2003/01/31 12:22:11

Modified files:
	sys/net        : pf.c

Log message:
Check protocol (TCP/UDP/ICMP/ICMP6) checksums of all incoming packets, and drop packets with invalid checksums. Without such a check, pf would return RST/ICMP errors even for packets with invalid checksums, which could be used to detect the presence of the firewall, reported by "Ed White" in http://www.phrack.org/phrack/60/p60-0x0c.txt.

To minimize the cost of checksum calculations, mbuf flags set by network interfaces capable of hardware checksumming are honoured, and set when pf performs the calculation, so the TCP/IP stack itself will not repeat the calculation for the same packet later on.

ok mcbride@ and henning@ Received on Fri Jan 31 14:18:29 2003

This message: [ Message body ]
Next message: Daniel Hartmeier: "CVS: cvs.openbsd.org: src"
Previous message: Jason Wright: "CVS: cvs.openbsd.org: src"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:47:23 EDT