Date: Mon, 24 May 2010 20:57:15 -0700 From: Julian Elischer <julian@elischer.org> To: Matthew Luckie <mjl@luckie.org.nz> Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW flaws with IPv6 fragments Message-ID: <4BFB4A9B.3040505@elischer.org> In-Reply-To: <4BFB2E51.1000800@luckie.org.nz> References: <4BFB2E51.1000800@luckie.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/24/10 6:56 PM, Matthew Luckie wrote: > Hi > > I'm just wondering if I can interest anyone in an IPFW PR with a tested > patch, which I submitted a few weeks ago. > > http://www.freebsd.org/cgi/query-pr.cgi?pr=145733 > > The flaws that the patch fixes: > > - Rejection of packets with an IPv6 Fragmentation header if the packet > is not actually fragmented (offset and mf both zero). This type of > packet is allowed by RFC 2460. > > - Rejection of fragments with offset != 0 if they are small (because > the code tries to pullup a transport layer header which isn't there) > > - No check of the transport layer fields with for the first fragment > offset zero because the mf bit is masked into the offset field. > > I'm happy to address any concerns with the patch if there are any. I think everyone is staying clear of ipfw at the moment as Luigi is dong work on it. if he gets done with his new work he will hopefully address the many ipfw bugs currently reported. > > Thanks, > > Matthew > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BFB4A9B.3040505>