From nobody Wed Jun 28 09:16:30 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QrbYW3msHz4jrLt; Wed, 28 Jun 2023 09:16:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QrbYW17BNz3mfv; Wed, 28 Jun 2023 09:16:31 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687943791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=z1Nlva4m0O0p0us6Uabl0yWbxzeMgkLNm9qInDK+OrI=; b=JKpLHw60Hm/UT+7+hCFZF5rYElVUAuTDC9uUR0H7cSmB+HM4ohT7WdMzO7G/TOq61CFPT4 cgbBdBeWPa0MgLXaGEKpTcyZf4I77t/2zFCH32cjYm6fD/M8zF0TM/BnEcUQ1fN7wPondt qSPFzsVpehTt7XJqffdutRv4VcTOU0xfg7tJZ6Ceb6L3u5L0iBs2vJ/tYjHtNciataXx+T h9pFKa1rgfcFc2j8xOV4zhabgKHtFcpZ3TDJ2tbRXmRnFip0QXA70UyB27UNf/V/HdT8CT /QZ38+4XIUTYpff1TWxu8PxODhsMcMt8foCfb2aIEs6n7Y80SSSJZiBUKW43Mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687943791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=z1Nlva4m0O0p0us6Uabl0yWbxzeMgkLNm9qInDK+OrI=; b=Jl5xApSC97SujUCAhFzjmU+ngnLa1U8VC1HF2IKGgo7X6hq6SZ4gvbATBsMrzXsiepDE5Q /8Mn9cUr6cHcHI7ASSIIcafRsCOOzcMeehPPe/Dc8pQ+172taIn/5HEdAUriKNIBJTvAT9 neO+GP4pZAIMRGaSTCzTFoTuJBwuZWJxLhTEfsI2VYY5Sg9GWOC5WrfUqNP3XpGhREXBMS 2xW7YDRgx+DXI3icJboi64TdcMc6a30F5fezqcgWmcI5WPntTe1zdnEJsrAvrLJon/U0DU acAIQX/BjTLNfepf1hjERsZJRrDpc/IUxNFPcvuOQmDsLhxS2/sXcL25DPPyLQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1687943791; a=rsa-sha256; cv=none; b=xb5bLu0WQWyURpmh5Lv1PtZUpd68cZFChRrVP12EYZt2ZXV/hL8UPcqKKv08MoFpR7gWah xdw9mj3VclFOziaUICsrQ9+Rz/qr3KdPzrU/NBmmKpMYSgAz2SdYWpaYP/luwUf1E2A/3c P+68je5o2TxeCgK5pHcaSrLck2C9jjN50k7FIuLWALC1XbGY5y0J1aTBclLnbV99RZ/rB2 8yvSO09bn/5Ckzukyz/0+1iMOpoFelBb8f2/GM45D2umsRyk2gJDHf24vJwJ1ACCLglPY8 a5JbQiHTJ+pBtkAH98zu6qACy7lUg4jGb37CsQLB80PXy/tIjLQBRPzOlvAQnw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QrbYW0DP3zStJ; Wed, 28 Jun 2023 09:16:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 35S9GU4m010186; Wed, 28 Jun 2023 09:16:30 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 35S9GURj010185; Wed, 28 Jun 2023 09:16:30 GMT (envelope-from git) Date: Wed, 28 Jun 2023 09:16:30 GMT Message-Id: <202306280916.35S9GURj010185@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 0da2f02c1b2a - stable/13 - netinet: re-read IP length after PFIL hook List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 0da2f02c1b2a2fb0daca8625a1992ee3a0426f44 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=0da2f02c1b2a2fb0daca8625a1992ee3a0426f44 commit 0da2f02c1b2a2fb0daca8625a1992ee3a0426f44 Author: Kristof Provost AuthorDate: 2023-06-02 14:38:30 +0000 Commit: Kristof Provost CommitDate: 2023-06-28 09:15:14 +0000 netinet: re-read IP length after PFIL hook The pfil hook may modify the packet, so before we check its length (to decide if it needs to be fragmented or not) we should re-read that length. This is most likely to happen when pf is reassembling packets. In that scenario we'd receive the last fragment, which is likely to be a short packet, pf would reassemble it (likely exceeding the interface MTU) and then we'd transmit it without fragmenting, because we're comparing the MTU to the length of the last fragment, not the fully reassembled packet. See also: https://redmine.pfsense.org/issues/14396 Reviewed by: cy MFC after: 3 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D40395 (cherry picked from commit 185c1cddd7ef34db82bc3a25b3c92556416a4e55) --- sys/netinet/ip_output.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 595957afe146..60aac79886c3 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -705,6 +705,7 @@ sendit: case 0: /* Continue normally */ ip = mtod(m, struct ip *); + ip_len = ntohs(ip->ip_len); break; case -1: /* Need to try again */