git: 185c1cddd7ef - main - netinet: re-read IP length after PFIL hook

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 06 Jun 2023 08:52:28 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=185c1cddd7ef34db82bc3a25b3c92556416a4e55

commit 185c1cddd7ef34db82bc3a25b3c92556416a4e55
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-06-02 14:38:30 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-06-06 08:01:03 +0000

    netinet: re-read IP length after PFIL hook
    
    The pfil hook may modify the packet, so before we check its length (to
    decide if it needs to be fragmented or not) we should re-read that
    length.
    
    This is most likely to happen when pf is reassembling packets. In that
    scenario we'd receive the last fragment, which is likely to be a short
    packet, pf would reassemble it (likely exceeding the interface MTU) and
    then we'd transmit it without fragmenting, because we're comparing the
    MTU to the length of the last fragment, not the fully reassembled
    packet.
    
    See also:       https://redmine.pfsense.org/issues/14396
    Reviewed by:    cy
    MFC after:      3 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D40395
---
 sys/netinet/ip_output.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index ceae756affa3..1976ab9803af 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -699,6 +699,7 @@ sendit:
 
 		case 0: /* Continue normally */
 			ip = mtod(m, struct ip *);
+			ip_len = ntohs(ip->ip_len);
 			break;
 
 		case -1: /* Need to try again */