tech-net archive


Re: NPF: broken checksums



    Date:        Wed, 4 Apr 2018 08:09:56 +0200
    From:        Maxime Villard <max%m00nbsd.net@localhost>
    Message-ID:  <b3819e11-d139-3cf9-b9f0-be5affb9c3d4%m00nbsd.net@localhost>

  | It's not correct; when we call npf_fetch_tcpopts to only read the TCP options,
  | we shouldn't modify the packet.

Ideally no, but...

  | In the end the kernel kicks the packet - which shouldn't have happened if we
  | only wanted to read its options.

For the bogus packet you described (2 different MSS options in the same header)
dumping the packet is almost certainly the right thing to do - however we get 
there and whatever code causes it to happen.

Of course, this isn't something that is ever observed in real traffic, so you 
would only ever see this if someone is deliberately sending trash.

kre
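
As an added illustration (not part of the original message and not NPF's own code): a read-only walk of the TCP option area that never writes to the packet and reports a header carrying two MSS options, so the caller can drop it. The function name, return codes and constants are hypothetical, and the sample option bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; option kinds per RFC 793. */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_MSS = 2 };
enum { OPTS_OK = 0, OPTS_MALFORMED = -1, OPTS_DUP_MSS = -2 };

/* Constructed sample option areas (not captured traffic). */
static const uint8_t sample_ok[]    = {2, 4, 0x05, 0xb4, 1, 1, 1, 0};
static const uint8_t sample_dup[]   = {2, 4, 0x05, 0xb4, 2, 4, 0x02, 0x18};
static const uint8_t sample_trunc[] = {2, 4, 0x05};

/* Walk the options through a const pointer: the packet is only read. */
int
scan_tcpopts(const uint8_t *opt, size_t len, uint16_t *mss)
{
	int seen_mss = 0;
	size_t i = 0;

	while (i < len) {
		uint8_t kind = opt[i];
		if (kind == OPT_EOL)
			break;
		if (kind == OPT_NOP) {		/* single-byte padding */
			i++;
			continue;
		}
		if (i + 1 >= len)		/* no room for a length byte */
			return OPTS_MALFORMED;
		uint8_t olen = opt[i + 1];
		if (olen < 2 || olen > len - i)	/* would loop or overrun */
			return OPTS_MALFORMED;
		if (kind == OPT_MSS) {
			if (olen != 4)
				return OPTS_MALFORMED;
			if (seen_mss++)		/* second MSS in one header */
				return OPTS_DUP_MSS;
			*mss = (uint16_t)((opt[i + 2] << 8) | opt[i + 3]);
		}
		i += olen;
	}
	return OPTS_OK;
}

int
main(void)
{
	uint16_t mss = 0;
	printf("%d\n", scan_tcpopts(sample_dup, sizeof(sample_dup), &mss));
	return 0;
}
```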


