search for: pf_norm

...ction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_5 src/sys/contrib/pf/net/pf_norm.c 1.10.2.2 RELENG_5_4 src/UPDATING 1.342.2.24.2.19 src/sys/conf/newvers.sh 1.62.2.18.2.15 src/sys/contrib/pf/net/pf_norm.c 1.10.6.1 RELENG_5_3 src/UPDATING...

...ction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_5 src/sys/contrib/pf/net/pf_norm.c 1.10.2.2 RELENG_5_4 src/UPDATING 1.342.2.24.2.19 src/sys/conf/newvers.sh 1.62.2.18.2.15 src/sys/contrib/pf/net/pf_norm.c 1.10.6.1 RELENG_5_3 src/UPDATING...

...as far as I can tell, clearly invalid packets (like packets with SYN/RST set) is discared while scrub simply remove the FIN bit on packets with SYN/FIN. Note, I have no knowledge about coding in C, so sorry if this is wrong. I checked the source and this what I found: /usr/src/sys/contrib/pf/net/pf_norm.c:1424: --- flags = th->th_flags; if (flags & TH_SYN) { /* Illegal packet */ if (flags & TH_RST) goto tcp_drop; if (flags & TH_FIN) flags &= ~TH_FIN; } else {...