tech-net archive
Re: NPF: broken checksums
Date: Wed, 4 Apr 2018 08:09:56 +0200
From: Maxime Villard <max%m00nbsd.net@localhost>
Message-ID: <b3819e11-d139-3cf9-b9f0-be5affb9c3d4%m00nbsd.net@localhost>
| It's not correct; when we call npf_fetch_tcpopts to only read the TCP options,
| we shouldn't modify the packet.
Ideally no, but...
| In the end the kernel kicks the packet - which shouldn't have happened if we
| only wanted to read its options.
For the bogus packet you described (2 different MSS options in the same header)
dumping the packet is almost certainly the right thing to do - however we get
there and whatever code causes it to happen.
Of course, this isn't something that is ever observed in real traffic, so you
would only ever see this if someone is deliberately sending trash.
kre
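
The read-only option walk and the duplicate-MSS case discussed in this message, as an added example (not NPF's code and not part of the original mail). The function name, verdict values and sample option bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPT_EOL = 0, OPT_NOP = 1, OPT_MSS = 2 };           /* TCP option kinds */
enum { OPTS_OK = 0, OPTS_MALFORMED = -1, OPTS_DUP_MSS = -2 }; /* hypothetical verdicts */

/* Constructed samples: option bytes that follow the fixed TCP header. */
static const uint8_t one_mss[] = { 2, 4, 0x05, 0xb4, 1, 1, 1, 0 };
static const uint8_t dup_mss[] = { 2, 4, 0x05, 0xb4, 1, 1, 2, 4, 0x02, 0x18, 1, 0 };

/*
 * Walk the options without writing to the packet (the buffer is const).
 * On OPTS_OK, *mss holds the MSS value if one was present; on any other
 * verdict the caller should ignore *mss and treat the header as bogus.
 */
static int
scan_tcpopts(const uint8_t *opt, size_t len, uint16_t *mss)
{
    int seen_mss = 0;
    size_t i = 0;

    while (i < len && opt[i] != OPT_EOL) {
        uint8_t kind = opt[i];
        if (kind == OPT_NOP) {          /* single-byte padding option */
            i++;
            continue;
        }
        if (len - i < 2)                /* no room for the length byte */
            return OPTS_MALFORMED;
        uint8_t olen = opt[i + 1];
        if (olen < 2 || olen > len - i) /* length runs past the header */
            return OPTS_MALFORMED;
        if (kind == OPT_MSS) {
            if (olen != 4)
                return OPTS_MALFORMED;
            if (seen_mss)               /* second MSS in one header */
                return OPTS_DUP_MSS;
            seen_mss = 1;
            *mss = (uint16_t)((opt[i + 2] << 8) | opt[i + 3]);
        }
        i += olen;
    }
    return OPTS_OK;
}

int main(void) {
    uint16_t mss = 0;
    printf("one_mss: %d\n", scan_tcpopts(one_mss, sizeof one_mss, &mss));
    printf("dup_mss: %d\n", scan_tcpopts(dup_mss, sizeof dup_mss, &mss));
    return 0;
}
```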