From nobody Tue Jun 6 08:52:28 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Qb43w63vyz4ZjcH; Tue, 6 Jun 2023 08:52:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Qb43w573qz47Yq; Tue, 6 Jun 2023 08:52:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1686041548; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Vz4f9BCGseoZ/kE4lewrRfQgFpzxNoZSa2ew9OWHMAk=; b=UC2+e8MPdHgmLXIIXW+uARFyGWutik4K7bcf2XraJ0Pd3x1RfTgWI30kdht7RQNPs6Vc/w iC7RwIWCu5KnSGaln1gMBV73xmlNeXljwkXfHqVA2p7zNEQwaRcRxxOwiheB243U5PXYgA LuJwGtpM/rBluWQV1G/1arA8aahzAJRwBqW1CiZlEQwAQKhwIweJusQLv9FBPENcCj804r cV4Mlt1EPV5z/KJvvopqKab/djQmFmGYwiYe9oZqYF9zirURgha8wkamn5f6gMAcYOFQzl nOmsQ/6vH4mPcGpwe+0ckzLdgIreSy0rRu1cFzF6Ij1YLQgYC55vRkJWFTdq1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1686041548; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Vz4f9BCGseoZ/kE4lewrRfQgFpzxNoZSa2ew9OWHMAk=; b=MGoCPNaG1SNeTzgUMUJR135nY20Q0FsFE1hp/AURH8CYoYiyW5RAe80LGo3rT6ALBVDpak KchGBlFJsJ2CcB1ZmK//6yR5LLbgN58Sv25V1CucFN36znVtzmIsU3MV8b5CnqE2SVtqbe mW3b0STYeXnq5TtD6Vs16WPkikDC9kZWnhrgJHzD9VlNp4Yt6t9fLcEpE4sgDBk42T5zPT y+ihXqGh3j4CJcM95TdEuBIx5t3Ch86GbAaobbJHJH2pbcHwHFgC5GjjdB091CPuJzI9h3 PYH8vEhqOJF7Ci+chO0fZvcg8N1OWN8dD1/H8xihCI2OWo15g2aYU7RRlFSwjw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1686041548; a=rsa-sha256; cv=none; b=C43qN8aPLP+QMzwEsrqEUebceSWCAZThuZezhBbiFko7yFD367IJID/lPv9ITIW/aMgFcr O56KbqfRPMzMBdyAdi6qRzCLdEK1CMsxjmZUpO7hTMnRA1B/ZVpA/t2YNJJqJ4Sj3LqmHc K1o1+h/UOxhTlvDmxeHpFvdPJfjqKDE6DzK8VQBEKnrs4o6CTPntq0ncQ2KP4yQdoZzF2L WXwK3HD6/SOAOMbgZ1ElxFDQCxdwO5KwBhe/PlIQEYCSh+Hm9xJ8kcJP5ex9UQU6O0kyL3 nxZSqueWp7zLIU0bv8aTj6AkQUp1wUHLxdaBTvofQvMpXOodUpe062tr4uuHJg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Qb43w44xJzP3m; Tue, 6 Jun 2023 08:52:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 3568qSEm052406; Tue, 6 Jun 2023 08:52:28 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 3568qS8k052394; Tue, 6 Jun 2023 08:52:28 GMT (envelope-from git) Date: Tue, 6 Jun 2023 08:52:28 GMT Message-Id: <202306060852.3568qS8k052394@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 185c1cddd7ef - main - netinet: re-read IP length after PFIL hook List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 185c1cddd7ef34db82bc3a25b3c92556416a4e55 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=185c1cddd7ef34db82bc3a25b3c92556416a4e55 commit 185c1cddd7ef34db82bc3a25b3c92556416a4e55 Author: Kristof Provost AuthorDate: 2023-06-02 14:38:30 +0000 Commit: Kristof Provost CommitDate: 2023-06-06 08:01:03 +0000 netinet: re-read IP length after PFIL hook The pfil hook may modify the packet, so before we check its length (to decide if it needs to be fragmented or not) we should re-read that length. This is most likely to happen when pf is reassembling packets. In that scenario we'd receive the last fragment, which is likely to be a short packet, pf would reassemble it (likely exceeding the interface MTU) and then we'd transmit it without fragmenting, because we're comparing the MTU to the length of the last fragment, not the fully reassembled packet. See also: https://redmine.pfsense.org/issues/14396 Reviewed by: cy MFC after: 3 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D40395 --- sys/netinet/ip_output.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index ceae756affa3..1976ab9803af 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -699,6 +699,7 @@ sendit: case 0: /* Continue normally */ ip = mtod(m, struct ip *); + ip_len = ntohs(ip->ip_len); break; case -1: /* Need to try again */