Diffusion FreeBSD src repository 239e24eb0cf6

pf: Handle (*m0)->m_len < sizeof(struct ip) case
239e24eb0cf6
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

pf: Handle (*m0)->m_len < sizeof(struct ip) case

if_enc(4) can pass IPsec payload to pfil(9) with the outer header or without
it. In case of a small packet like ICMP, when mbuf cluster is not used,
everything works fine. Otherwise, the first mbuf in a chain has m_len == 0
if it is asked to strip the outer header. pf was not handling such case, and
erroneous reading of the outer IP header led to unexpected behavior.

Reviewed by: kp, glebius
Differential Revision: https://reviews.freebsd.org/D45780

Details

Provenance

igoro	Authored on Jul 2 2024, 12:41 PM
kp	Committed on Jul 2 2024, 12:43 PM

Reviewer

Differential Revision

D45780: pf: Handle (*m0)->m_len < sizeof(struct ip) case

Parents

rG087f5e08ab5f: if_vxlan(4): Plug a memory leak

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rG239e24eb0cf6: pf: Handle (*m0)->m_len < sizeof(struct ip) case (authored by igoro).Jul 2 2024, 12:43 PM

kp added an edge: D45780: pf: Handle (*m0)->m_len < sizeof(struct ip) case.Jul 2 2024, 3:41 PM

Changes (3)

Path

Size

sys/

netpfil/

pf/

tests/

sys/

netpfil/

pf/

rG239e24eb0cf6

sys/netpfil/pf/pf.c

Loading...

tests/sys/netpfil/pf/Makefile

Loading...

tests/sys/netpfil/pf/if_enc.sh

Loading...