IPFW flaws with IPv6 fragments
Matthew Luckie
mjl at luckie.org.nz
Tue May 25 02:17:40 UTC 2010
Hi
I'm just wondering if I can interest anyone in an IPFW PR with a tested
patch, which I submitted a few weeks ago.
http://www.freebsd.org/cgi/query-pr.cgi?pr=145733
The flaws that the patch fixes:
- Rejection of packets with an IPv6 Fragmentation header if the packet
is not actually fragmented (offset and mf both zero). This type of
packet is allowed by RFC 2460.
- Rejection of fragments with offset != 0 if they are small (because
the code tries to pullup a transport layer header which isn't there)
- No check of the transport layer fields for the first fragment
(offset zero) because the mf bit is masked into the offset field.
I'm happy to address any concerns with the patch if there are any.
Thanks,
Matthew
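
An added example, not part of the original message and not the ipfw code or the patch in PR 145733: a minimal classifier for the RFC 2460 Fragment header that separates the three cases the message lists (unfragmented packet carrying a Fragment header, first fragment, later fragment) and shows how folding the mf bit into the offset test hides the first fragment's transport header. All names (`frag_classify`, `ulp_present`, `ulp_present_flawed`) and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 2460 Fragment header: next(1) reserved(1) offset/res/M(2) id(4). */
#define FRAG_HDR_LEN 8
#define OFF_MASK 0xfff8u /* 13-bit offset; masked value is already in bytes */
#define MF_BIT   0x0001u /* "more fragments" flag */

enum frag_kind { FRAG_ATOMIC, FRAG_FIRST, FRAG_LATER };

struct frag_info { enum frag_kind kind; uint16_t offset; int mf; };

/* Returns 0 on success, -1 if the buffer cannot hold a Fragment header. */
int frag_classify(const uint8_t *p, size_t len, struct frag_info *fi)
{
    if (len < FRAG_HDR_LEN)
        return -1;
    uint16_t offlg = (uint16_t)((p[2] << 8) | p[3]); /* network byte order */
    fi->offset = offlg & OFF_MASK;
    fi->mf = (offlg & MF_BIT) != 0;
    /* offset 0 + mf 0 is a legal unfragmented packet, not an error */
    fi->kind = fi->offset ? FRAG_LATER : fi->mf ? FRAG_FIRST : FRAG_ATOMIC;
    return 0;
}

/* Only offset-zero packets carry a transport header to pull up and match;
 * later fragments must be handled without touching transport fields. */
int ulp_present(const struct frag_info *fi)
{
    return fi->kind != FRAG_LATER;
}

/* Constructed illustration of the third flaw: mf folded into the offset,
 * so a first fragment (offset 0, mf 1) looks like a later fragment. */
int ulp_present_flawed(const uint8_t *p)
{
    uint16_t offlg = (uint16_t)((p[2] << 8) | p[3]);
    return (offlg & (OFF_MASK | MF_BIT)) == 0;
}

int main(void)
{
    const uint8_t first[8] = { 6, 0, 0x00, 0x01, 0, 0, 0, 1 }; /* constructed */
    struct frag_info fi;
    if (frag_classify(first, sizeof first, &fi) == 0)
        printf("correct=%d flawed=%d\n", ulp_present(&fi), ulp_present_flawed(first));
    return 0;
}
```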