Date: Tue, 25 May 2010 13:56:33 +1200
From: Matthew Luckie <mjl@luckie.org.nz>
To: freebsd-ipfw@freebsd.org
Subject: IPFW flaws with IPv6 fragments
Message-ID: <4BFB2E51.1000800@luckie.org.nz>

Hi,

I'm just wondering if I can interest anyone in an IPFW PR with a tested patch, which I submitted a few weeks ago.

http://www.freebsd.org/cgi/query-pr.cgi?pr=145733

The flaws that the patch fixes:

- Rejection of packets with an IPv6 Fragmentation header if the packet is not actually fragmented (offset and mf both zero). This type of packet is allowed by RFC 2460.
- Rejection of fragments with offset != 0 if they are small (because the code tries to pullup a transport layer header which isn't there).
- No check of the transport layer fields for the first fragment (offset zero) because the mf bit is masked into the offset field.

I'm happy to address any concerns with the patch if there are any.

Thanks,

Matthew
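
The three cases listed in the message above, as an added example that is not part of the original message and is not the patch from the PR or ipfw's own code. All names here (classify_frag, has_transport_header, the FRAG_* constants and the SAMPLE_* headers) are hypothetical; only the 8-byte Fragment header layout is taken from RFC 2460.

```c
#include <stddef.h>
#include <stdint.h>

/* Fragment header (RFC 2460): next hdr, reserved, 16-bit offset/flags, id. */
#define FRAG_HDR_LEN   8
#define FRAG_OFF_MASK  0xfff8u  /* offset in 8-octet units, upper 13 bits */
#define FRAG_MORE      0x0001u  /* M flag: more fragments follow */
enum frag_kind { FRAG_BAD, FRAG_ATOMIC, FRAG_FIRST, FRAG_LATER };

/* Constructed sample headers (next header 6 = TCP, identification 1). */
static const uint8_t SAMPLE_ATOMIC[8] = {6, 0, 0x00, 0x00, 0, 0, 0, 1};
static const uint8_t SAMPLE_FIRST[8]  = {6, 0, 0x00, 0x01, 0, 0, 0, 1};
static const uint8_t SAMPLE_LATER[8]  = {6, 0, 0x00, 0xb8, 0, 0, 0, 1};

/* Return the offset/flags word in host order, or -1 if the header is short. */
static int frag_offlg(const uint8_t *h, size_t len)
{
    if (h == NULL || len < FRAG_HDR_LEN)
        return -1;
    return (h[2] << 8) | h[3];
}

/* Classify on the offset bits alone; the M flag is tested separately. */
enum frag_kind classify_frag(const uint8_t *h, size_t len)
{
    int offlg = frag_offlg(h, len);
    if (offlg < 0)
        return FRAG_BAD;
    if (offlg & FRAG_OFF_MASK)
        return FRAG_LATER;      /* no transport header in this fragment */
    return (offlg & FRAG_MORE) ? FRAG_FIRST : FRAG_ATOMIC;
}

/* A transport header is present, and should be pulled up and matched,
 * only when the offset is zero, whatever the M flag says. */
int has_transport_header(const uint8_t *h, size_t len)
{
    enum frag_kind k = classify_frag(h, len);
    return k == FRAG_ATOMIC || k == FRAG_FIRST;
}

/* The mistake described in the message: M masked into the "offset", so
 * the first fragment (offset 0, M=1) is treated like a later fragment. */
int has_transport_header_mf_in_offset(const uint8_t *h, size_t len)
{
    int offlg = frag_offlg(h, len);
    return offlg >= 0 && (offlg & (FRAG_OFF_MASK | FRAG_MORE)) == 0;
}
```
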