HomeFreeBSD
Diffusion FreeBSD src repository 2e0f053ad52b

pf: fix fragment hole count
2e0f053ad52b
Actions

Description

pf: fix fragment hole count

Fragment reassembly finishes when no holes are left in the fragment
queue. In certain overlap conditions, the hole counter was wrong
and pf(4) created an incomplete IP packet. Before adjusting the
length, remove the overlapping fragment from the queue and insert
it again afterwards. pf_frent_remove() and pf_frent_insert() adjust
the hole counter automatically.

bug reported and fix tested by Lucas Aubard with Johan Mazel, Gilles
Guette and Pierre Chifflier; OK claudio@

MFC after: 1 week
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 9915416fe8
Sponsored by: Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 8b2feafb535d10a559b995c6fc2529715f927e2a)

Details

Provenance
kpAuthored on Feb 4 2025, 4:19 PM
Parents
rGd02fb54b5a90: pf: do not keep state when dropping overlapping IPv6 fragments
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
netpfil/
pf/

rG2e0f053ad52b

View Options

sys/netpfil/pf/pf_norm.c

Loading...