Page MenuHomeFreeBSD
Differential D46925

pf: reduce IPv6 header parsing code duplication
ClosedPublic
Actions

Authored by kp on Oct 4 2024, 12:43 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Apr 26, 3:36 AM
Unknown Object (File)
Mon, Apr 21, 2:33 PM
Unknown Object (File)
Fri, Apr 4, 5:25 AM
Unknown Object (File)
Mar 10 2025, 2:09 AM
Unknown Object (File)
Feb 14 2025, 12:18 PM
Unknown Object (File)
Feb 11 2025, 8:36 PM
Unknown Object (File)
Feb 11 2025, 5:39 PM
Unknown Object (File)
Feb 10 2025, 1:30 PM
View All 30 Files
Subscribers
ae
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rG8de7f8ed5eef: pf: reduce IPv6 header parsing code duplication
Summary

There were two loops in pf_setup_pdesc() and pf_normalize_ip6()
walking over the IPv6 header chain. Merge them into one loop,
adjust some length checks and fix IPv6 jumbo option handling. Also
allow strange but legal IPv6 packets with plen=0 passing through
pf. IPv6 jumbo packets still get dropped.
testing dhill@; ok mcbride@ henning@

Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, d68283bbf0
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 59738
Build 56624: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
net/
6 lines
netpfil/
pf/
261 lines
145 lines

Diff 144227

View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf_norm.c

Loading...