Date: Tue, 17 Dec 2024 10:08:04 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 6c5c91a039c7 - main - pf: update pd->tot_len after reassembly Message-ID: <202412171008.4BHA84V2024459@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=6c5c91a039c77244dac38f638a8e2323ae78ff3d commit 6c5c91a039c77244dac38f638a8e2323ae78ff3d Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-11-21 14:53:28 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-12-17 10:07:16 +0000 pf: update pd->tot_len after reassembly Ensure that the packet length we track in struct pf_pdesc matches the reassembled packet size. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47803 --- sys/netpfil/pf/pf_norm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 350392623123..cea6f9e72638 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -1198,6 +1198,7 @@ pf_normalize_ip(struct mbuf **m0, u_short *reason, return (PF_DROP); h = mtod(pd->m, struct ip *); + pd->tot_len = htons(h->ip_len); no_fragment: /* At this point, only IP_DF is allowed in ip_off */ @@ -1228,6 +1229,7 @@ pf_normalize_ip6(struct mbuf **m0, int off, u_short *reason, struct pf_pdesc *pd) { struct pf_krule *r; + struct ip6_hdr *h; struct ip6_frag frag; bool scrub_compat; @@ -1294,6 +1296,8 @@ pf_normalize_ip6(struct mbuf **m0, int off, u_short *reason, pd->m = *m0; if (pd->m == NULL) return (PF_DROP); + h = mtod(pd->m, struct ip6_hdr *); + pd->tot_len = ntohs(h->ip6_plen) + sizeof(struct ip6_hdr); } return (PF_PASS);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202412171008.4BHA84V2024459>