| created | 2022-05-02T21:17:51Z |
|---|---|
| begin | 2022-04-29T00:00:00Z |
| end | 2022-04-30T00:00:00Z |
| path | src/sys |
| commits | 2 |
| date | 2022-04-29T08:58:49Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/net/pf.c | log | diff | annotate |
| src/sys/net/pfvar_priv.h | log | diff | annotate | |
| message |
IGMP and ICMP6 MLD packets always have the router alert option set. pf blocked IPv4 options and IPv6 option header by default. This forced users to set allow-opts in pf rules. Better let multicast work by default. Detect router alerts by parsing IP options and hop by hop headers. If the packet has only this option and is a multicast control packet, do not block it due to bad options. tested by otto@; OK sashan@ |
|||
| date | 2022-04-29T09:55:43Z | |||
|---|---|---|---|---|
| author | mbuhl | |||
| files | src/sys/net/pf_if.c | log | diff | annotate |
| src/sys/net/pf_ioctl.c | log | diff | annotate | |
| src/sys/net/pfvar.h | log | diff | annotate | |
| message |
Release PF und NET lock before calling copyout for DIOCIGETIFACES. OK sashan@ Reported-by: [email protected] |
|||