From: Julian Elischer
Date: Mon, 24 May 2010 20:57:15 -0700
To: Matthew Luckie
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW flaws with IPv6 fragments

On 5/24/10 6:56 PM, Matthew Luckie wrote:
> Hi
>
> I'm just wondering if I can interest anyone in an IPFW PR with a tested
> patch, which I submitted a few weeks ago.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=145733
>
> The flaws that the patch fixes:
>
> - Rejection of packets with an IPv6 Fragmentation header if the packet
>   is not actually fragmented (offset and mf both zero). This type of
>   packet is allowed by RFC 2460.
>
> - Rejection of fragments with offset != 0 if they are small (because
>   the code tries to pullup a transport layer header which isn't there)
>
> - No check of the transport layer fields with for the first fragment
>   offset zero because the mf bit is masked into the offset field.
>
> I'm happy to address any concerns with the patch if there are any.

I think everyone is staying clear of ipfw at the moment as Luigi is doing work on it. If he gets done with his new work he will hopefully address the many ipfw bugs currently reported.

>
> Thanks,
>
> Matthew
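The three cases in the quoted list, as an added example (not code from the PR, the patch or ipfw): a stand-alone parser for the RFC 2460 Fragment header that keeps the offset and the M flag separate, next to a function that reproduces the merged-offset flaw as the message describes it. All names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Field layout of the 8-byte IPv6 Fragment header (RFC 2460, section 4.5). */
#define FRAG_HDR_LEN   8
#define FRAG_OFF_MASK  0xfff8u  /* 13-bit offset; masked value is in bytes */
#define FRAG_MORE      0x0001u  /* M flag: more fragments follow */

enum frag_kind { FRAG_BAD, FRAG_ATOMIC, FRAG_FIRST, FRAG_LATER };

struct frag_info {
    enum frag_kind kind;
    uint8_t  next_header;   /* protocol carried after the fragment header */
    uint16_t offset_bytes;  /* byte offset of this fragment's data */
    int      inspect_ulp;   /* 1 if a transport header should be present */
};

/* Parse a Fragment header, keeping offset and M flag separate. */
struct frag_info classify_frag(const uint8_t *hdr, size_t len)
{
    struct frag_info fi = { FRAG_BAD, 0, 0, 0 };
    if (hdr == NULL || len < FRAG_HDR_LEN)
        return fi;
    uint16_t offlg = (uint16_t)((hdr[2] << 8) | hdr[3]);
    int more = (offlg & FRAG_MORE) != 0;
    fi.next_header = hdr[0];
    fi.offset_bytes = offlg & FRAG_OFF_MASK;
    if (fi.offset_bytes != 0)
        fi.kind = FRAG_LATER;   /* no transport header here: do not pull one up */
    else
        fi.kind = more ? FRAG_FIRST : FRAG_ATOMIC;  /* atomic: offset 0, M 0 */
    fi.inspect_ulp = (fi.kind != FRAG_LATER);
    return fi;
}

/* The third flaw, reproduced: with M folded into the offset, a first
 * fragment looks like offset != 0 and its transport fields go unchecked. */
int merged_offset_inspects_ulp(const uint8_t *hdr)
{
    uint16_t offlg = (uint16_t)((hdr[2] << 8) | hdr[3]);
    uint16_t offset = offlg & (FRAG_OFF_MASK | FRAG_MORE);
    return offset == 0;
}

/* Constructed samples: next header 6 (TCP), identification 0x01020304. */
static const uint8_t SAMPLE_ATOMIC[8] = { 6, 0, 0x00, 0x00, 1, 2, 3, 4 };
static const uint8_t SAMPLE_FIRST[8]  = { 6, 0, 0x00, 0x01, 1, 2, 3, 4 };
static const uint8_t SAMPLE_LATER[8]  = { 6, 0, 0x05, 0xa8, 1, 2, 3, 4 };
```

A filter built on `classify_frag` matches transport-layer fields for `FRAG_ATOMIC` and `FRAG_FIRST` and skips the transport pullup only for `FRAG_LATER`.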