tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NPF: TCP options

To: Maxime Villard <max%m00nbsd.net@localhost>
Subject: Re: NPF: TCP options
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Thu, 8 Mar 2018 13:01:43 +0100

On Thu, Mar 08, 2018 at 09:15:40AM +0100, Maxime Villard wrote:
> In NPF we don't check the length of the TCPOPT_MAXSEG and TCPOPT_WINDOW
> options. That's a problem, if the length is bogus we should ignore these
> options, just like the kernel does in tcp_dooptions().

I don't think so. A firewall should drop bogus stuff.

Joerg

Follow-Ups:
- Re: NPF: TCP options
  - From: Maxime Villard

References:
- NPF: TCP options
  - From: Maxime Villard

Prev by Date: NPF: TCP options
Next by Date: Re: NPF: fast kick
Previous by Thread: NPF: TCP options
Next by Thread: Re: NPF: TCP options
Indexes:

Home | Main Index | Thread Index | Old Index