Date: Thu, 31 May 2018 16:00:03 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r334438 - stable/11/sys/netinet6 Message-ID: <201805311600.w4VG03xv066087@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Thu May 31 16:00:03 2018 New Revision: 334438 URL: https://svnweb.freebsd.org/changeset/base/334438 Log: MFC r333186: Send an ICMPv6 PacketTooBig message in case of forwading a packet which is too big for the outgoing interface and no firewall is involed. This problem was introduced in https://svnweb.freebsd.org/changeset/base/324996 Thanks to Irene Ruengeler for finding the bug and testing the fix. Approved by: re Modified: stable/11/sys/netinet6/ip6_fastfwd.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet6/ip6_fastfwd.c ============================================================================== --- stable/11/sys/netinet6/ip6_fastfwd.c Thu May 31 15:58:28 2018 (r334437) +++ stable/11/sys/netinet6/ip6_fastfwd.c Thu May 31 16:00:03 2018 (r334438) @@ -195,12 +195,19 @@ passin: in6_ifstat_inc(rcvif, ifs6_in_noroute); goto dropin; } + if (!PFIL_HOOKED(&V_inet6_pfil_hook)) { + if (m->m_pkthdr.len > nh.nh_mtu) { + in6_ifstat_inc(nh.nh_ifp, ifs6_in_toobig); + icmp6_error(m, ICMP6_PACKET_TOO_BIG, 0, nh.nh_mtu); + m = NULL; + goto dropout; + } + goto passout; + } /* * Outgoing packet firewall processing. */ - if (!PFIL_HOOKED(&V_inet6_pfil_hook)) - goto passout; if (pfil_run_hooks(&V_inet6_pfil_hook, &m, nh.nh_ifp, PFIL_OUT, PFIL_FWD, NULL) != 0 || m == NULL) goto dropout;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201805311600.w4VG03xv066087>