Differential D46925

pf: reduce IPv6 header parsing code duplication
Needs ReviewPublic
Actions

Authored by kp on Fri, Oct 4, 12:43 PM.

Tags

None

Referenced Files

None

Subscribers

vegeta_tuxpowered.net

Details

Reviewers

None

Group Reviewers

network
pfsense

Summary

There were two loops in pf_setup_pdesc() and pf_normalize_ip6()
walking over the IPv6 header chain. Merge them into one loop,
adjust some length checks and fix IPv6 jumbo option handling. Also
allow strange but legal IPv6 packets with plen=0 passing through
pf. IPv6 jumbo packets still get dropped.
testing dhill@; ok mcbride@ henning@

Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, d68283bbf0
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 59738
Build 56624: arc lint + arc unit

Event Timeline

kp created this revision.Fri, Oct 4, 12:43 PM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 3 others. · View Herald TranscriptFri, Oct 4, 12:43 PM

kp requested review of this revision.Fri, Oct 4, 12:43 PM

Harbormaster completed remote builds in B59738: Diff 144227.Fri, Oct 4, 12:43 PM

kp added a child revision: D46926: pfctl: correctly print skip steps in -vv mode.Fri, Oct 4, 12:43 PM

Revision Contents
Changeset List

Path

Size

sys/

net/

6 lines

netpfil/

pf/

261 lines

145 lines

Diff 144227

sys/net/pfvar.h

Loading...

sys/netpfil/pf/pf.c

Loading...

sys/netpfil/pf/pf_norm.c

Loading...