Date: Mon, 29 Jul 2019 13:21:31 +0000 (UTC) From: Kristof Provost <kp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r350414 - head/sys/netpfil/pf Message-ID: <201907291321.x6TDLVXs038568@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kp Date: Mon Jul 29 13:21:31 2019 New Revision: 350414 URL: https://svnweb.freebsd.org/changeset/base/350414 Log: pf: Remove partial RFC2675 support Remove our (very partial) support for RFC2675 Jumbograms. They're not used, not actually supported and not a good idea. Reviewed by: thj@ Differential Revision: https://reviews.freebsd.org/D21086 Modified: head/sys/netpfil/pf/pf.c head/sys/netpfil/pf/pf_norm.c Modified: head/sys/netpfil/pf/pf.c ============================================================================== --- head/sys/netpfil/pf/pf.c Mon Jul 29 12:55:48 2019 (r350413) +++ head/sys/netpfil/pf/pf.c Mon Jul 29 13:21:31 2019 (r350414) @@ -6351,9 +6351,8 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struc m = *m0; /* pf_normalize messes with m0 */ h = mtod(m, struct ip6_hdr *); -#if 1 /* - * we do not support jumbogram yet. if we keep going, zero ip6_plen + * we do not support jumbogram. if we keep going, zero ip6_plen * will do something bad, so drop the packet for now. */ if (htons(h->ip6_plen) == 0) { @@ -6361,7 +6360,6 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struc REASON_SET(&reason, PFRES_NORM); /*XXX*/ goto done; } -#endif pd.src = (struct pf_addr *)&h->ip6_src; pd.dst = (struct pf_addr *)&h->ip6_dst; Modified: head/sys/netpfil/pf/pf_norm.c ============================================================================== --- head/sys/netpfil/pf/pf_norm.c Mon Jul 29 12:55:48 2019 (r350413) +++ head/sys/netpfil/pf/pf_norm.c Mon Jul 29 13:21:31 2019 (r350414) @@ -1139,9 +1139,8 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi int off; struct ip6_ext ext; struct ip6_opt opt; - struct ip6_opt_jumbo jumbo; struct ip6_frag frag; - u_int32_t jumbolen = 0, plen; + u_int32_t plen; int optend; int ooff; u_int8_t proto; @@ -1185,6 +1184,11 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi if (sizeof(struct ip6_hdr) + IPV6_MAXPACKET < m->m_pkthdr.len) goto drop; + plen = ntohs(h->ip6_plen); + /* jumbo payload option not supported */ + if (plen == 0) + goto drop; + extoff = 0; off = sizeof(struct ip6_hdr); proto = h->ip6_nxt; @@ -1228,26 +1232,8 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi goto shortpkt; if (ooff + sizeof(opt) + opt.ip6o_len > optend) goto drop; - switch (opt.ip6o_type) { - case IP6OPT_JUMBO: - if (h->ip6_plen != 0) - goto drop; - if (!pf_pull_hdr(m, ooff, &jumbo, - sizeof(jumbo), NULL, NULL, - AF_INET6)) - goto shortpkt; - memcpy(&jumbolen, jumbo.ip6oj_jumbo_len, - sizeof(jumbolen)); - jumbolen = ntohl(jumbolen); - if (jumbolen <= IPV6_MAXPACKET) - goto drop; - if (sizeof(struct ip6_hdr) + jumbolen != - m->m_pkthdr.len) - goto drop; - break; - default: - break; - } + if (opt.ip6o_type == IP6OPT_JUMBO) + goto drop; ooff += sizeof(opt) + opt.ip6o_len; } while (ooff < optend); @@ -1260,13 +1246,6 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi } } while (!terminal); - /* jumbo payload option must be present, or plen > 0 */ - if (ntohs(h->ip6_plen) == 0) - plen = jumbolen; - else - plen = ntohs(h->ip6_plen); - if (plen == 0) - goto drop; if (sizeof(struct ip6_hdr) + plen > m->m_pkthdr.len) goto shortpkt; @@ -1275,10 +1254,6 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi return (PF_PASS); fragment: - /* Jumbo payload packets cannot be fragmented. */ - plen = ntohs(h->ip6_plen); - if (plen == 0 || jumbolen) - goto drop; if (sizeof(struct ip6_hdr) + plen > m->m_pkthdr.len) goto shortpkt;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907291321.x6TDLVXs038568>