Padded packets in ip6_input()
Kristof Provost
kristof at sigsegv.be
Tue Mar 17 01:22:26 UTC 2015
On 2015-03-15 16:29:02 (+0300), Andrey V. Elsukov <bu7cher at yandex.ru> wrote:
> This is a very rare case, I think, but plen can be zero in the case when
> the jumbo payload option is present. Probably this is the reason why this
> check is done after hop-by-hop options parsing.
>
You're right, I missed that. The proposed patch is wrong.

I think we can get away with doing the trim before the pfil() hook (only
if plen != 0).

That'd mean we don't do the size check before pfil(), but that's almost
certainly something the firewalls handle (I'll check when I find a bit
of time).

There's perhaps also a risk of not doing the trim in the jumbo frame
case, but the existing code already (correctly) drops jumbo packets
shorter than 65k.

I'll look at it a bit more (either doing the above or ensuring all
firewalls handle trailing data correctly) later.

Regards,
Kristof
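
Added illustration, not part of the original message and not FreeBSD's ip6_input() code: a simplified C model of the trim discussed above, applied before the firewall hook only when plen is non-zero, with the size check left to the later stage. The names early_trim and run_sample, the result enum and the sample packets are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP6_HDR_LEN 40u /* fixed IPv6 header size */

enum early_trim { ET_UNCHANGED, ET_TRIMMED, ET_DEFERRED_JUMBO };

/* Hypothetical helper (not a FreeBSD function). buf holds the packet and
 * *len its received length, which may include trailing padding. */
static enum early_trim
early_trim(const uint8_t *buf, size_t *len)
{
	if (*len < IP6_HDR_LEN)
		return ET_UNCHANGED;      /* no full header to read */
	/* Payload length field: bytes 4-5 of the header, network order. */
	uint32_t plen = ((uint32_t)buf[4] << 8) | buf[5];
	if (plen == 0)
		return ET_DEFERRED_JUMBO; /* length lives in the jumbo payload option */
	if (*len > IP6_HDR_LEN + plen) {
		*len = IP6_HDR_LEN + plen; /* cut the trailing padding */
		return ET_TRIMMED;
	}
	return ET_UNCHANGED;          /* exact or short: later size check decides */
}

/* Constructed sample: header with the given payload length field,
 * received as `total` bytes (total must not exceed 128). */
static enum early_trim
run_sample(uint16_t plen_field, size_t total, size_t *out_len)
{
	uint8_t pkt[128];

	memset(pkt, 0, sizeof(pkt));
	pkt[0] = 0x60;                /* IP version 6 */
	pkt[4] = (uint8_t)(plen_field >> 8);
	pkt[5] = (uint8_t)(plen_field & 0xff);
	*out_len = total;
	return early_trim(pkt, out_len);
}

int main(void)
{
	size_t len;
	int r = run_sample(8, 60, &len);  /* 12 bytes of padding */
	printf("padded: result=%d len=%zu\n", r, len);
	r = run_sample(0, 60, &len);      /* plen == 0: jumbo case */
	printf("jumbo:  result=%d len=%zu\n", r, len);
	return 0;
}
```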