diff options
| author | kris <kris@FreeBSD.org> | 2001-01-23 21:11:28 +0000 |
|---|---|---|
| committer | kris <kris@FreeBSD.org> | 2001-01-23 21:11:28 +0000 |
| commit | 1a36de8090ca93b96cbcf1600aa926043c3cd362 (patch) | |
| tree | 6adb8641fcf32c14d75d28655a5a414d5d80a75a /sbin | |
| parent | 6ebef802b2dd48f691c8cbe4426a1d3184748405 (diff) | |
| download | FreeBSD-src-1a36de8090ca93b96cbcf1600aa926043c3cd362.zip FreeBSD-src-1a36de8090ca93b96cbcf1600aa926043c3cd362.tar.gz | |
Fix the vulnerability with TCP ECE packets recently fixed in ipfw.
This is untested, but believed to work.
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/ip6fw/ip6fw.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/ip6fw/ip6fw.c b/sbin/ip6fw/ip6fw.c index a25fed5..0c5b3b4 100644 --- a/sbin/ip6fw/ip6fw.c +++ b/sbin/ip6fw/ip6fw.c @@ -364,7 +364,7 @@ show_ip6fw(struct ip6_fw *chain) if (chain->fw_ip6nopt & IPV6_FW_IP6OPT_OPTS) PRINTOPT("!opts"); } - if (chain->fw_tcpf & IPV6_FW_TCPF_ESTAB) + if (chain->fw_ipflg & IPV6_FW_IF_TCPEST) printf(" established"); else if (chain->fw_tcpf == IPV6_FW_TCPF_SYN && chain->fw_tcpnf == IPV6_FW_TCPF_ACK) @@ -1060,7 +1060,7 @@ badviacombo: } if (rule.fw_prot == IPPROTO_TCP) { if (!strncmp(*av,"established",strlen(*av))) { - rule.fw_tcpf |= IPV6_FW_TCPF_ESTAB; + rule.fw_ipflg |= IPV6_FW_IF_TCPEST; av++; ac--; continue; } if (!strncmp(*av,"setup",strlen(*av))) { |
