svn commit: r350414 - head/sys/netpfil/pf

[Kristof Provost]

Author: kp
Date: Mon Jul 29 13:21:31 2019
New Revision: 350414
URL: https://svnweb.freebsd.org/changeset/base/350414

Log:
  pf: Remove partial RFC2675 support
  
  Remove our (very partial) support for RFC2675 Jumbograms. They're not
  used, not actually supported and not a good idea.
  
  Reviewed by:	thj@
  Differential Revision:	https://reviews.freebsd.org/D21086

Modified:
  head/sys/netpfil/pf/pf.c
  head/sys/netpfil/pf/pf_norm.c

Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c	Mon Jul 29 12:55:48 2019	(r350413)
+++ head/sys/netpfil/pf/pf.c	Mon Jul 29 13:21:31 2019	(r350414)
@@ -6351,9 +6351,8 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struc
 	m = *m0;	/* pf_normalize messes with m0 */
 	h = mtod(m, struct ip6_hdr *);
 
-#if 1
 	/*
-	 * we do not support jumbogram yet.  if we keep going, zero ip6_plen
+	 * we do not support jumbogram.  if we keep going, zero ip6_plen
 	 * will do something bad, so drop the packet for now.
 	 */
 	if (htons(h->ip6_plen) == 0) {
@@ -6361,7 +6360,6 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struc
 		REASON_SET(&reason, PFRES_NORM);	/*XXX*/
 		goto done;
 	}
-#endif
 
 	pd.src = (struct pf_addr *)&h->ip6_src;
 	pd.dst = (struct pf_addr *)&h->ip6_dst;

Modified: head/sys/netpfil/pf/pf_norm.c
==============================================================================
--- head/sys/netpfil/pf/pf_norm.c	Mon Jul 29 12:55:48 2019	(r350413)
+++ head/sys/netpfil/pf/pf_norm.c	Mon Jul 29 13:21:31 2019	(r350414)
@@ -1139,9 +1139,8 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi
 	int			 off;
 	struct ip6_ext		 ext;
 	struct ip6_opt		 opt;
-	struct ip6_opt_jumbo	 jumbo;
 	struct ip6_frag		 frag;
-	u_int32_t		 jumbolen = 0, plen;
+	u_int32_t		 plen;
 	int			 optend;
 	int			 ooff;
 	u_int8_t		 proto;
@@ -1185,6 +1184,11 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi
 	if (sizeof(struct ip6_hdr) + IPV6_MAXPACKET < m->m_pkthdr.len)
 		goto drop;
 
+	plen = ntohs(h->ip6_plen);
+	/* jumbo payload option not supported */
+	if (plen == 0)
+		goto drop;
+
 	extoff = 0;
 	off = sizeof(struct ip6_hdr);
 	proto = h->ip6_nxt;
@@ -1228,26 +1232,8 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi
 					goto shortpkt;
 				if (ooff + sizeof(opt) + opt.ip6o_len > optend)
 					goto drop;
-				switch (opt.ip6o_type) {
-				case IP6OPT_JUMBO:
-					if (h->ip6_plen != 0)
-						goto drop;
-					if (!pf_pull_hdr(m, ooff, &jumbo,
-					    sizeof(jumbo), NULL, NULL,
-					    AF_INET6))
-						goto shortpkt;
-					memcpy(&jumbolen, jumbo.ip6oj_jumbo_len,
-					    sizeof(jumbolen));
-					jumbolen = ntohl(jumbolen);
-					if (jumbolen <= IPV6_MAXPACKET)
-						goto drop;
-					if (sizeof(struct ip6_hdr) + jumbolen !=
-					    m->m_pkthdr.len)
-						goto drop;
-					break;
-				default:
-					break;
-				}
+				if (opt.ip6o_type == IP6OPT_JUMBO)
+					goto drop;
 				ooff += sizeof(opt) + opt.ip6o_len;
 			} while (ooff < optend);
 
@@ -1260,13 +1246,6 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi
 		}
 	} while (!terminal);
 
-	/* jumbo payload option must be present, or plen > 0 */
-	if (ntohs(h->ip6_plen) == 0)
-		plen = jumbolen;
-	else
-		plen = ntohs(h->ip6_plen);
-	if (plen == 0)
-		goto drop;
 	if (sizeof(struct ip6_hdr) + plen > m->m_pkthdr.len)
 		goto shortpkt;
 
@@ -1275,10 +1254,6 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi
 	return (PF_PASS);
 
  fragment:
-	/* Jumbo payload packets cannot be fragmented. */
-	plen = ntohs(h->ip6_plen);
-	if (plen == 0 || jumbolen)
-		goto drop;
 	if (sizeof(struct ip6_hdr) + plen > m->m_pkthdr.len)
 		goto shortpkt;