[Bug 288549] PF panic with NAT + UDP fragments
Date: Tue, 05 Aug 2025 22:28:23 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288549
--- Comment #6 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/src/commit/?id=8a309785c9b186c809a5d4b017fc8cf849af1ddd
commit 8a309785c9b186c809a5d4b017fc8cf849af1ddd
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-08-04 08:29:09 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-08-05 22:27:16 +0000
pf: fix handling unreassembled fragments
If we handle a fragment and are configured not to reassemble it the
pd->proto field will show the layer 4 protocol (i.e. UDP,TCP,SCTP,...) but
pd->virtual_proto will show we're a fragment.
In that case we also don't have the layer 4 checksum pointer. Have code that
cares about L4 (e.g. NAT) check virtual_proto so it doesn't try to dereference a
NULL pcksum field.
PR: 288549
Reported by: Danilo Egea Gondolfo <danilo@FreeBSD.org>
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D51722
sys/netpfil/pf/pf.c | 4 +--
tests/sys/netpfil/pf/Makefile | 1 +
tests/sys/netpfil/pf/frag4.py (new) | 72 +++++++++++++++++++++++++++++++++++++
3 files changed, 75 insertions(+), 2 deletions(-)
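
A simplified model of the condition the commit message describes, added here as an example; it is not the pf.c change or any FreeBSD code. Only the field names proto, virtual_proto and pcksum come from the message; the struct layout, VPROTO_FRAGMENT, the function names and the sample packet are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Simplified model, not pf's structures: only the field names proto,
 * virtual_proto and pcksum come from the commit message. */
#define VPROTO_FRAGMENT 256 /* assumed marker, outside the 0..255 protocol range */
#define PROTO_UDP 17

struct pkt_desc {
    uint8_t  proto;         /* layer 4 protocol from the IP header */
    uint16_t virtual_proto; /* proto, or VPROTO_FRAGMENT if not reassembled */
    uint8_t *pcksum;        /* L4 checksum field, NULL if no L4 header parsed */
};

/* Fill the descriptor from a raw IPv4 packet; returns 0 on success. */
int pkt_setup(struct pkt_desc *pd, uint8_t *buf, size_t len)
{
    if (len < 20 || (buf[0] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;
    uint16_t frag = (uint16_t)((buf[6] << 8) | buf[7]);
    pd->proto = buf[9];
    pd->pcksum = NULL;
    /* MF flag or a non-zero offset marks a fragment; DF (0x4000) does not. */
    pd->virtual_proto = (frag & 0x3fff) ? VPROTO_FRAGMENT : pd->proto;
    if (pd->virtual_proto == PROTO_UDP && hlen >= 20 && len >= hlen + 8)
        pd->pcksum = buf + hlen + 6; /* UDP checksum field */
    return 0;
}

/* NAT-style source port rewrite: 1 = rewritten, 0 = left alone, -1 = error.
 * Testing virtual_proto keeps fragments out; testing proto would not. */
int nat_rewrite_sport(struct pkt_desc *pd, uint16_t port)
{
    if (pd->virtual_proto != PROTO_UDP)
        return 0;
    if (pd->pcksum == NULL)
        return -1;
    uint8_t *udp = pd->pcksum - 6;      /* start of the UDP header */
    udp[0] = (uint8_t)(port >> 8);
    udp[1] = (uint8_t)(port & 0xff);
    pd->pcksum[0] = pd->pcksum[1] = 0;  /* 0 = no checksum, valid for UDP over IPv4 */
    return 1;
}

/* Constructed 28-byte IPv4/UDP packet; frag_field is the flags+offset word. */
int demo_rewrite(uint16_t frag_field)
{
    uint8_t p[28] = { 0x45, 0, 0, 28, 0, 1, frag_field >> 8, frag_field & 0xff, 64, PROTO_UDP };
    struct pkt_desc pd;
    return pkt_setup(&pd, p, sizeof p) ? -1 : nat_rewrite_sport(&pd, 40000);
}
```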