diff options
author | kp <kp@FreeBSD.org> | 2015-06-18 20:41:55 +0000 |
---|---|---|
committer | kp <kp@FreeBSD.org> | 2015-06-18 20:41:55 +0000 |
commit | 6ba0797920291243e06f587bf1cc7fe8b5d687db (patch) | |
tree | 37100ce876438f5510637e5ca9e61f8869da7c71 /sys/netpfil | |
parent | ad9eb0c77b86bcc383a6459bbc6ac48caf84e666 (diff) | |
download | FreeBSD-src-6ba0797920291243e06f587bf1cc7fe8b5d687db.zip FreeBSD-src-6ba0797920291243e06f587bf1cc7fe8b5d687db.tar.gz |
Merge r280956
pf: Deal with runt packets
On Ethernet packets have a minimal length, so very short packets get padding
appended to them. This padding is not stripped off in ip6_input() (due to
support for IPv6 Jumbograms, RFC2675).
That means PF needs to be careful when reassembling fragmented packets to not
include the padding in the reassembled packet.
While here also remove the 'Magic from ip_input.' bits. Splitting up and
re-joining an mbuf chain here doesn't make any sense.
Differential Revision: https://reviews.freebsd.org/D2818
Reviewed by: gnn
Diffstat (limited to 'sys/netpfil')
-rw-r--r-- | sys/netpfil/pf/pf_norm.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 8d6d6bb..624bb3d 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -582,11 +582,8 @@ pf_join_fragment(struct pf_fragment *frag) frent = TAILQ_FIRST(&frag->fr_queue); next = TAILQ_NEXT(frent, fr_next); - /* Magic from ip_input. */ m = frent->fe_m; - m2 = m->m_next; - m->m_next = NULL; - m_cat(m, m2); + m_adj(m, (frent->fe_hdrlen + frent->fe_len) - m->m_pkthdr.len); uma_zfree(V_pf_frent_z, frent); for (frent = next; frent != NULL; frent = next) { next = TAILQ_NEXT(frent, fr_next); @@ -594,6 +591,9 @@ pf_join_fragment(struct pf_fragment *frag) m2 = frent->fe_m; /* Strip off ip header. */ m_adj(m2, frent->fe_hdrlen); + /* Strip off any trailing bytes. */ + m_adj(m2, frent->fe_len - m2->m_pkthdr.len); + uma_zfree(V_pf_frent_z, frent); m_cat(m, m2); } |