svn commit: r327337 - stable/11/sys/netinet6

Andrey V. Elsukov ae at FreeBSD.org
Fri Dec 29 10:47:26 UTC 2017 

Author: ae
Date: Fri Dec 29 10:47:24 2017
New Revision: 327337
URL: https://svnweb.freebsd.org/changeset/base/327337

Log:
  MFC r326876:
    Follow the RFC6980 and silently ignore following IPv6 NDP messages
    that had the IPv6 fragmentation header:
     o  Neighbor Solicitation
     o  Neighbor Advertisement
     o  Router Solicitation
     o  Router Advertisement
     o  Redirect
  
    Introduce M_FRAGMENTED mbuf flag, and set it after IPv6 fragment reassembly
    is completed. Then check the presence of this flag in correspondig ND6
    handling routines.
  
    PR:		224247

Modified:
  stable/11/sys/netinet6/frag6.c
  stable/11/sys/netinet6/icmp6.c
  stable/11/sys/netinet6/in6.h
  stable/11/sys/netinet6/nd6_nbr.c
  stable/11/sys/netinet6/nd6_rtr.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet6/frag6.c
==============================================================================
--- stable/11/sys/netinet6/frag6.c	Fri Dec 29 07:23:18 2017	(r327336)
+++ stable/11/sys/netinet6/frag6.c	Fri Dec 29 10:47:24 2017	(r327337)
@@ -225,6 +225,7 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
 		IP6STAT_INC(ip6s_reassembled);
 		in6_ifstat_inc(dstifp, ifs6_reass_ok);
 		*offp = offset;
+		m->m_flags |= M_FRAGMENTED;
 		return (ip6f->ip6f_nxt);
 	}
 
@@ -825,5 +826,6 @@ ip6_deletefraghdr(struct mbuf *m, int offset, int wait
 		m_cat(m, t);
 	}
 
+	m->m_flags |= M_FRAGMENTED;
 	return (0);
 }

Modified: stable/11/sys/netinet6/icmp6.c
==============================================================================
--- stable/11/sys/netinet6/icmp6.c	Fri Dec 29 07:23:18 2017	(r327336)
+++ stable/11/sys/netinet6/icmp6.c	Fri Dec 29 10:47:24 2017	(r327337)
@@ -2249,6 +2249,10 @@ icmp6_redirect_input(struct mbuf *m, int off)
 	if (!V_icmp6_rediraccept)
 		goto freeit;
 
+	/* RFC 6980: Nodes MUST silently ignore fragments */
+	if(m->m_flags & M_FRAGMENTED)
+		goto freeit;
+
 #ifndef PULLDOWN_TEST
 	IP6_EXTHDR_CHECK(m, off, icmp6len,);
 	nd_rd = (struct nd_redirect *)((caddr_t)ip6 + off);

Modified: stable/11/sys/netinet6/in6.h
==============================================================================
--- stable/11/sys/netinet6/in6.h	Fri Dec 29 07:23:18 2017	(r327336)
+++ stable/11/sys/netinet6/in6.h	Fri Dec 29 10:47:24 2017	(r327337)
@@ -653,6 +653,7 @@ struct ip6_mtuinfo {
 #define	M_LOOP			M_PROTO6
 #define	M_AUTHIPDGM		M_PROTO7
 #define	M_RTALERT_MLD		M_PROTO8
+#define	M_FRAGMENTED		M_PROTO9	/* contained fragment header */
 
 #ifdef _KERNEL
 struct cmsghdr;

Modified: stable/11/sys/netinet6/nd6_nbr.c
==============================================================================
--- stable/11/sys/netinet6/nd6_nbr.c	Fri Dec 29 07:23:18 2017	(r327336)
+++ stable/11/sys/netinet6/nd6_nbr.c	Fri Dec 29 10:47:24 2017	(r327337)
@@ -135,6 +135,10 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len)
 	struct sockaddr_dl proxydl;
 	char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
 
+	/* RFC 6980: Nodes MUST silently ignore fragments */
+	if(m->m_flags & M_FRAGMENTED)
+		goto freeit;
+
 	rflag = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0;
 	if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && V_ip6_norbit_raif)
 		rflag = 0;
@@ -628,6 +632,10 @@ nd6_na_input(struct mbuf *m, int off, int icmp6len)
 	size_t linkhdrsize;
 	int lladdr_off;
 	char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
+
+	/* RFC 6980: Nodes MUST silently ignore fragments */
+	if(m->m_flags & M_FRAGMENTED)
+		goto freeit;
 
 	if (ip6->ip6_hlim != 255) {
 		nd6log((LOG_ERR,

Modified: stable/11/sys/netinet6/nd6_rtr.c
==============================================================================
--- stable/11/sys/netinet6/nd6_rtr.c	Fri Dec 29 07:23:18 2017	(r327336)
+++ stable/11/sys/netinet6/nd6_rtr.c	Fri Dec 29 10:47:24 2017	(r327337)
@@ -137,6 +137,10 @@ nd6_rs_input(struct mbuf *m, int off, int icmp6len)
 	if (!V_ip6_forwarding || ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV)
 		goto freeit;
 
+	/* RFC 6980: Nodes MUST silently ignore fragments */   
+	if(m->m_flags & M_FRAGMENTED)
+		goto freeit;
+
 	/* Sanity checks */
 	if (ip6->ip6_hlim != 255) {
 		nd6log((LOG_ERR,
@@ -225,6 +229,10 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len)
 	 * ND6_IFF_ACCEPT_RTADV is on the receiving interface.
 	 */
 	if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV))
+		goto freeit;
+
+	/* RFC 6980: Nodes MUST silently ignore fragments */
+	if(m->m_flags & M_FRAGMENTED)
 		goto freeit;
 
 	if (ip6->ip6_hlim != 255) {

More information about the svn-src-stable mailing list