svn commit: r284573 - stable/10/sys/netpfil/pf
Kristof Provost
kp at FreeBSD.org
Thu Jun 18 20:41:56 UTC 2015
Author: kp
Date: Thu Jun 18 20:41:55 2015
New Revision: 284573
URL: https://svnweb.freebsd.org/changeset/base/284573
Log:
Merge r280956
pf: Deal with runt packets
On Ethernet packets have a minimal length, so very short packets get padding
appended to them. This padding is not stripped off in ip6_input() (due to
support for IPv6 Jumbograms, RFC2675).
That means PF needs to be careful when reassembling fragmented packets to not
include the padding in the reassembled packet.
While here also remove the 'Magic from ip_input.' bits. Splitting up and
re-joining an mbuf chain here doesn't make any sense.
Differential Revision: https://reviews.freebsd.org/D2818
Reviewed by: gnn
Modified:
stable/10/sys/netpfil/pf/pf_norm.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/netpfil/pf/pf_norm.c
==============================================================================
--- stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 20:40:36 2015 (r284572)
+++ stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 20:41:55 2015 (r284573)
@@ -582,11 +582,8 @@ pf_join_fragment(struct pf_fragment *fra
frent = TAILQ_FIRST(&frag->fr_queue);
next = TAILQ_NEXT(frent, fr_next);
- /* Magic from ip_input. */
m = frent->fe_m;
- m2 = m->m_next;
- m->m_next = NULL;
- m_cat(m, m2);
+ m_adj(m, (frent->fe_hdrlen + frent->fe_len) - m->m_pkthdr.len);
uma_zfree(V_pf_frent_z, frent);
for (frent = next; frent != NULL; frent = next) {
next = TAILQ_NEXT(frent, fr_next);
@@ -594,6 +591,9 @@ pf_join_fragment(struct pf_fragment *fra
m2 = frent->fe_m;
/* Strip off ip header. */
m_adj(m2, frent->fe_hdrlen);
+ /* Strip off any trailing bytes. */
+ m_adj(m2, frent->fe_len - m2->m_pkthdr.len);
+
uma_zfree(V_pf_frent_z, frent);
m_cat(m, m2);
}
More information about the svn-src-all
mailing list