author | Mike Frantzen <frantzen@cvs.openbsd.org> | 2001-08-31 23:05:23 +0000 |
---|---|---|
committer | Mike Frantzen <frantzen@cvs.openbsd.org> | 2001-08-31 23:05:23 +0000 |
commit | c2d23c9048ff7b007a809135fd6bfd4c74b10808 (patch) | |
tree | a20f78896696524a847d211e829b4b0883991641 | |
parent | db8d0d80ee0abacb066ece3a7a7698a07eecc1d9 (diff) |
Forgot to commit frag expire tuning before
Check for a short ip_hl. Could have caused proto headers to overlap IP header.
-rw-r--r-- | sys/net/pf.c | 8 | ||||
-rw-r--r-- | sys/net/pf_norm.c | 7 |
2 files changed, 10 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 70e208fa407..aff74a2edbb 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.141 2001/08/28 08:12:17 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.142 2001/08/31 23:05:22 frantzen Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -3193,6 +3193,12 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
 h = mtod(m, struct ip *);
 off = h->ip_hl << 2;
+ if (off < sizeof(*h)) {
+ action = PF_DROP;
+ REASON_SET(&reason, PFRES_SHORT);
+ log = 1;
+ goto done;
+ }
 switch (h->ip_p) {
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 2d847cf497f..d7b7e3f4348 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.6 2001/08/11 12:05:00 dhartmei Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.7 2001/08/31 23:05:22 frantzen Exp $ */
 /*
 * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -112,6 +112,7 @@ int pf_normalize_tcp(int, struct ifnet *, struct mbuf *,
 struct pf_tree_node *tree_fragment;
 struct pool pf_frent_pl, pf_frag_pl;
 int pf_nfrents;
+extern int pftm_frag; /* Fragment expire timeout */
 void
 pf_normalize_init(void)
@@ -127,8 +128,6 @@ pf_normalize_init(void)
 TAILQ_INIT(&pf_fragqueue);
 }
-#define FRAG_EXPIRE 30
-
 void
 pf_purge_expired_fragments(void)
 {
@@ -138,7 +137,7 @@ pf_purge_expired_fragments(void)
 microtime(&now);
 timerclear(&expire);
- expire.tv_sec = FRAG_EXPIRE;
+ expire.tv_sec = pftm_frag;
 timersub(&now, &expire, &expire);
 while ((frag = TAILQ_LAST(&pf_fragqueue, pf_fragqueue)) != NULL) { |
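Review bot: The guard added after `off = h->ip_hl << 2;` in pf_test bounds the header length only from below, so an `ip_hl` that claims more bytes than the datagram's total length still reaches `switch (h->ip_p)`. Whether that case is rejected earlier in pf_test or by the per-protocol header pulls cannot be seen from this hunk (the function starts and ends outside it); if it is not, the same drop path should also cover `off` exceeding `ip_len`. A one-line comment would record why the check exists, e.g. `/* ip_hl below 5 words would let the protocol header overlap the IP header */`. Because `log = 1` is set unconditionally on this path, it is also worth confirming that logging of these drops is rate-limited downstream, so malformed traffic cannot be used to flood the log.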
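Review bot: `expire.tv_sec = pftm_frag;` in pf_purge_expired_fragments (the -138 hunk of pf_norm.c) takes the fragment lifetime from a tunable with no range check, where the removed `FRAG_EXPIRE` was a fixed 30. A zero or negative value would put the cutoff at `now` or later after `timersub`, which presumably expires every queued fragment on each pass and defeats reassembly. If the code that sets `pftm_frag` (not shown here) does not enforce a minimum, clamp it at the point of use, e.g. `expire.tv_sec = pftm_frag > 0 ? pftm_frag : 1;`, with the floor chosen by the maintainers. The `extern int pftm_frag;` added in the -112 hunk would also be better placed in the shared pf header than in this .c file, so the declaration cannot drift from the type of the definition.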