Check protocol (TCP/UDP/ICMP/ICMP6) checksums of all incoming packets, - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	dhartmei <dhartmei@openbsd.org>	2003-01-31 19:22:11 +0000
committer	dhartmei <dhartmei@openbsd.org>	2003-01-31 19:22:11 +0000
commit	fa0b91fb085c5851f93f6944ee1a4d40dc70470a (patch)
tree	f4920e216532e67f61a7133f6dfffc70dab2c465 /lib/libpthread/arch
parent	stuff in arch/sparc64 is by defn v9, remove < v9 #ifdefs. ok marc. (diff)
download	wireguard-openbsd-fa0b91fb085c5851f93f6944ee1a4d40dc70470a.tar.xz wireguard-openbsd-fa0b91fb085c5851f93f6944ee1a4d40dc70470a.zip

Check protocol (TCP/UDP/ICMP/ICMP6) checksums of all incoming packets,

and drop packets with invalid checksums. Without such a check, pf would return RST/ICMP errors even for packets with invalid checksums, which could be used to detect the presence of the firewall, reported by "Ed White" in http://www.phrack.org/phrack/60/p60-0x0c.txt. To minimize the cost of checksum calculations, mbuf flags set by network interfaces capable of hardware checksumming are honoured, and set when pf performs the calculation, so the TCP/IP stack itself will not repeat the calculation for the same packet later on. ok mcbride@ and henning@

Diffstat (limited to 'lib/libpthread/arch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: