FreeBSD Bugzilla – Attachment 183483 Details for
Bug 219991
[tcp][PATCH] TCP process bogus packets with too large ACK
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch sys/netinet/tcp_input.c - check incoming ACK number against snd_max
dpi.patch (text/plain), 671 bytes, created by
zuborg
on 2017-06-14 17:34:13 UTC
(
hide
)
Description:
patch sys/netinet/tcp_input.c - check incoming ACK number against snd_max
Filename:
MIME Type:
Creator:
zuborg
Created:
2017-06-14 17:34:13 UTC
Size:
671 bytes
patch
obsolete
>--- sys/netinet/tcp_input.c.orig 2017-06-14 12:17:24.601336000 +0000 >+++ sys/netinet/tcp_input.c 2017-06-14 15:50:12.578302000 +0000 >@@ -1380,10 +1380,18 @@ > } > sig_checked = 1; > } > #endif > >+ /* >+ * Some DPI systems forward bogus packets with wrong (too large) SEQ/ACK numbers. >+ * We have to ignore them to avoid falling into zero-size packets exchange loop. >+ */ >+ if(SEQ_GT(th->th_ack, tp->snd_max) && th->th_ack != 0) { >+ goto dropunlock; >+ } >+ > TCP_PROBE5(receive, NULL, tp, mtod(m, const char *), tp, th); > > /* > * Segment belongs to a connection in SYN_SENT, ESTABLISHED or later > * state. tcp_do_segment() always consumes the mbuf chain, unlocks
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=183483">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 219991
: 183483