From 769ed3d7becce4338590846ab29b8f424149a347 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
Date: Thu, 15 Apr 2021 18:38:43 +0400
Subject: [PATCH] fragattacks: Appendix E now discusses FreeBSD

---
 research/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/research/README.md b/research/README.md
index 4c01edf4f..4ab6469d2 100644
--- a/research/README.md
+++ b/research/README.md
@@ -698,13 +698,13 @@ Finally, in case the test `ping-frag-sep` doesn't succeed, you should try the fo
 
 - `ping I,F,BE,AE --freebsd`: This essentially performs the rekey handshake against a FreeBSD implementation, or
   a driver that borrows code from FreeBSD, without affecting the defragmentation process of data frames. See
-  Appendix F in the paper for details.
+  Appendix E in the paper for details.
 
 <a id="id-extended-cache"></a>
 ## 8.3. Cache attack tests (§5 -- CVE-2020-24586)
 
 - `ping I,E,R,AE --freebsd --full-reconnect`: This test can be used to check if a FreeBSD AP, or a driver that
-  borrows code from FreeBSD, is vulnerable to a cache attack. See Appendix F in the paper for details on how this
+  borrows code from FreeBSD, is vulnerable to a cache attack. See Appendix E in the paper for details on how this
   test works. You should also try this test without the `--full-reconnect` parameter. The test also works against
   clients, but these are unlikely to be affected.