svn commit: r354020 - head/sys/netinet6

[Bjoern A. Zeeb]

Author: bz
Date: Thu Oct 24 12:16:15 2019
New Revision: 354020
URL: https://svnweb.freebsd.org/changeset/base/354020

Log:
  frag6:  leave a note about upper layer header checks TBD
  
  Per sepcification the upper layer header needs to be within the first
  fragment.  The check was not done so far and there is an open review for
  related work, so just leave a note as to where to put it.
  Move the extraction of frag offset up to this as it is needed to determine
  whether this is a first fragment or not.
  
  MFC after:	3 weeks
  Sponsored by:	Netflix

Modified:
  head/sys/netinet6/frag6.c

Modified: head/sys/netinet6/frag6.c
==============================================================================
--- head/sys/netinet6/frag6.c	Thu Oct 24 11:58:24 2019	(r354019)
+++ head/sys/netinet6/frag6.c	Thu Oct 24 12:16:15 2019	(r354020)
@@ -468,6 +468,18 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
 	else if (atomic_load_int(&frag6_nfrags) >= (u_int)ip6_maxfrags)
 		goto dropfrag2;
 
+	/*
+	 * Validate that a full header chain to the ULP is present in the
+	 * packet containing the first fragment as per RFC RFC7112 and
+	 * RFC 8200 pages 18,19:
+	 * The first fragment packet is composed of:
+	 * (3)  Extension headers, if any, and the Upper-Layer header.  These
+	 *      headers must be in the first fragment.  ...
+	 */
+	fragoff = ntohs(ip6f->ip6f_offlg & IP6F_OFF_MASK);
+	/* XXX TODO.  thj has D16851 open for this. */
+	/* Send ICMPv6 4,3 in case of violation. */
+
 	/* Store receive network interface pointer for later. */
 	srcifp = m->m_pkthdr.rcvif;
 
@@ -546,7 +558,6 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
 	 * If it is the 1st fragment, record the length of the
 	 * unfragmentable part and the next header of the fragment header.
 	 */
-	fragoff = ntohs(ip6f->ip6f_offlg & IP6F_OFF_MASK);
 	if (fragoff == 0) {
 		q6->ip6q_unfrglen = offset - sizeof(struct ip6_hdr) -
 		    sizeof(struct ip6_frag);