Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: src/sys/net/npf

Module Name:    src
Committed By:   rmind
Date:           Sat Oct  6 23:50:17 UTC 2012

Modified Files:
        src/sys/net/npf: npf_state_tcp.c

Log Message:
npf_tcp_inwindow: inspect the sequence numbers even if the packet contains no
data, fixing up only the RST to the initial SYN.  This makes off-path attacks
more difficult.  For the reference, see "Reflection Scan: an Off-Path Attack
on TCP" by Jan Wrobel.

To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/sys/net/npf/npf_state_tcp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index