From nobody Wed Jun 28 09:16:30 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QrbYW2bHkz4jrJk; Wed, 28 Jun 2023 09:16:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QrbYV68Fcz3mYb; Wed, 28 Jun 2023 09:16:30 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687943790; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Z+S1xaRq0+auGMuxHjv01gPUIpASQX38XhF+lupwBJQ=; b=mDcaOAPDUw+DnO3IEZdzD6f0JL2xpyp7Aj8Ir+tKhR6sWZw+JVcxRoqAi5CElBhU6LhBpW Ubqtj5iCZl7z96Lj1XqYrAwtGUt2rG0HkNrfXqYlmCXjZIsPrDxEHwSscEMZjXiKB0SF9h r2sGVeDZ/f74zqo9GCYaa/mOwMT8CSjbaOqJnAg4RL4tBYvJ3QS/wSx/sG78+NaOyM/rdy caq24/niotVw+XjJkjZF7UbH1Ij8Po9rHkDsBELCSDT2glh1+fkLtLtOzTnxI7aVckLVNM IH6tEI3WWj9EbU9Ku9PJ6sze5s+9V4NXdJnYw6W7crgAEDq0ATZ024MzYAC5pw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687943790; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Z+S1xaRq0+auGMuxHjv01gPUIpASQX38XhF+lupwBJQ=; b=vKpXL7ylY/5k4cqy9JIe2QFl++t0HTFPckZAyDt+iB/sj0w9kxhLREkW9eWBwG9YOj6EuF BXkkQakWF9oDm4THqR6NsizMiikg6K2RYsycT3LkrE7kCAA4wh9IpU3y4LZsSOTRKfZNGk T5/gV+bQw4UZuhPAqxaWsQKqum97HYPgHwLSUkffi5L8gUlAkwLbCtYVbnR9cng9PGPknL n+qmDxrRW8paAKKYrN384TAM4IUkYv8Y07+PQO4H/0lripwR+Py2Rj4LF/IdazpOA3+eNc 1L/R5kgJV6U4z3anV7O4S7OjxshboAO+DoGGTb/oCd0O73/Qvd5CR4ZVdG+R7g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1687943790; a=rsa-sha256; cv=none; b=itDEvCCCcRR6zAvRYv4We3Y0qFt+g1XmLTP1qLCaC6jA9sNzV0acTF6cjzGAGCzhQuileQ jpBtbkQc6w/L+qT6KzDY31pfy7x1hPIt6ZRwz6+6Q+Zg90znuLb6c4Ix7E/pF4LeQj5VDo RCHoOI8H2eO/vtDk7EyERYKK7Au5c9gEtEOVoWClTxQcTPzveMe4JlvEqSPqf5yDaXaYTo fJyPehhzPc52kUaImM4fm7E443iE3QOKfFyhLzedF/oBLwG732NLala/Zc86uOkzmsn+UX JEkemVnf+a2/Q8KKzXB5o5gPuETffbmzxWw1qIG4fGOgq2vbe/UJOyYEnMK/rg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QrbYV5CV8zSdL; Wed, 28 Jun 2023 09:16:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 35S9GUOg010119; Wed, 28 Jun 2023 09:16:30 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 35S9GUtM010118; Wed, 28 Jun 2023 09:16:30 GMT (envelope-from git) Date: Wed, 28 Jun 2023 09:16:30 GMT Message-Id: <202306280916.35S9GUtM010118@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: d0076c7a8653 - stable/12 - netinet: re-read IP length after PFIL hook List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: d0076c7a86538d295ca2508dddc5d5429a2c4ff7 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=d0076c7a86538d295ca2508dddc5d5429a2c4ff7 commit d0076c7a86538d295ca2508dddc5d5429a2c4ff7 Author: Kristof Provost AuthorDate: 2023-06-02 14:38:30 +0000 Commit: Kristof Provost CommitDate: 2023-06-28 09:15:59 +0000 netinet: re-read IP length after PFIL hook The pfil hook may modify the packet, so before we check its length (to decide if it needs to be fragmented or not) we should re-read that length. This is most likely to happen when pf is reassembling packets. In that scenario we'd receive the last fragment, which is likely to be a short packet, pf would reassemble it (likely exceeding the interface MTU) and then we'd transmit it without fragmenting, because we're comparing the MTU to the length of the last fragment, not the fully reassembled packet. See also: https://redmine.pfsense.org/issues/14396 Reviewed by: cy MFC after: 3 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D40395 (cherry picked from commit 185c1cddd7ef34db82bc3a25b3c92556416a4e55) --- sys/netinet/ip_output.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 93b41376f3c2..a2e4513f1118 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -584,6 +584,7 @@ sendit: case 0: /* Continue normally */ ip = mtod(m, struct ip *); + ip_len = ntohs(ip->ip_len); break; case -1: /* Need to try again */