Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 1 Apr 2015 12:16:57 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r280956 - head/sys/netpfil/pf
Message-ID:  <201504011216.t31CGv0C047694@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kp
Date: Wed Apr  1 12:16:56 2015
New Revision: 280956
URL: https://svnweb.freebsd.org/changeset/base/280956

Log:
  pf: Deal with runt packets
  
  On Ethernet packets have a minimal length, so very short packets get padding
  appended to them. This padding is not stripped off in ip6_input() (due to
  support for IPv6 Jumbograms, RFC2675).
  That means PF needs to be careful when reassembling fragmented packets to not
  include the padding in the reassembled packet.
  
  While here also remove the 'Magic from ip_input.' bits. Splitting up and
  re-joining an mbuf chain here doesn't make any sense.
  
  Differential Revision:	https://reviews.freebsd.org/D2189
  Approved by:		gnn (mentor)

Modified:
  head/sys/netpfil/pf/pf_norm.c

Modified: head/sys/netpfil/pf/pf_norm.c
==============================================================================
--- head/sys/netpfil/pf/pf_norm.c	Wed Apr  1 12:15:01 2015	(r280955)
+++ head/sys/netpfil/pf/pf_norm.c	Wed Apr  1 12:16:56 2015	(r280956)
@@ -573,11 +573,8 @@ pf_join_fragment(struct pf_fragment *fra
 	frent = TAILQ_FIRST(&frag->fr_queue);
 	next = TAILQ_NEXT(frent, fr_next);
 
-	/* Magic from ip_input. */
 	m = frent->fe_m;
-	m2 = m->m_next;
-	m->m_next = NULL;
-	m_cat(m, m2);
+	m_adj(m, (frent->fe_hdrlen + frent->fe_len) - m->m_pkthdr.len);
 	uma_zfree(V_pf_frent_z, frent);
 	for (frent = next; frent != NULL; frent = next) {
 		next = TAILQ_NEXT(frent, fr_next);
@@ -585,6 +582,9 @@ pf_join_fragment(struct pf_fragment *fra
 		m2 = frent->fe_m;
 		/* Strip off ip header. */
 		m_adj(m2, frent->fe_hdrlen);
+		/* Strip off any trailing bytes. */
+		m_adj(m2, frent->fe_len - m2->m_pkthdr.len);
+
 		uma_zfree(V_pf_frent_z, frent);
 		m_cat(m, m2);
 	}

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201504011216.t31CGv0C047694>