According to RFC 5722 we drop all IPv6 fragments that belong to a

packet with overlaps.  Adapt existing tests and add one more.

5 files changed, 78 insertions, 13 deletions

diff --git a/regress/sys/netinet6/frag6/Makefile b/regress/sys/netinet6/frag6/Makefile
index a9857862394..051e929a13e 100644
--- a/regress/sys/netinet6/frag6/Makefile
+++ b/regress/sys/netinet6/frag6/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.1 2012/01/06 21:52:15 bluhm Exp $
+#	$OpenBSD: Makefile,v 1.2 2012/01/10 17:21:52 bluhm Exp $
 
 # The following ports must be installed:
 #
@@ -95,6 +95,13 @@ run-regress-frag6-overtail: addr.py
 	@echo Check ping6 tail overlapping last fragment
 	${SUDO} python2.7 frag6_overtail.py ${DST_IN6}
 
+# fragmented packet with overlap, drop future fragments
+TARGETS +=	frag6-overdrop
+run-regress-frag6-overdrop: addr.py
+	@echo '\n======== $@ ========'
+	@echo Check ping6 overlap drop future fragments
+	${SUDO} python2.7 frag6_overdrop.py ${DST_IN6}
+
 # fragmented packet permuted fragments
 TARGETS +=	frag6-permute
 run-regress-frag6-permute: addr.py
diff --git a/regress/sys/netinet6/frag6/frag6_overdrop.py b/regress/sys/netinet6/frag6/frag6_overdrop.py
new file mode 100644
index 00000000000..1eace43acf5
--- /dev/null
+++ b/regress/sys/netinet6/frag6/frag6_overdrop.py
@@ -0,0 +1,55 @@
+#!/usr/local/bin/python2.7
+# send ping6 fragment that overlaps the first fragment with the head
+# send fragments to complete the packet and check that they are dropped
+
+# |---------|
+#      |XXXXXXXXX|
+# |----|
+#      |----|
+#           |----|
+
+import os
+from addr import *
+from scapy.all import *
+
+dstaddr=sys.argv[1]
+pid=os.getpid()
+payload="ABCDEFGHIJKLOMNO"
+dummy="0123456701234567"
+packet=IPv6(src=SRC_OUT6, dst=dstaddr)/ICMPv6EchoRequest(id=pid, data=payload)
+frag=[]
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1)/str(packet)[40:56])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=1)/dummy)
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1)/str(packet)[40:48])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=1, m=1)/str(packet)[48:56])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=2)/str(packet)[56:64])
+eth=[]
+for f in frag:
+	pkt=IPv6(src=SRC_OUT6, dst=dstaddr)/f
+	eth.append(Ether(src=SRC_MAC, dst=DST_MAC)/pkt)
+
+if os.fork() == 0:
+	time.sleep(1)
+	sendp(eth, iface=SRC_IF)
+	os._exit(0)
+
+ans=sniff(iface=SRC_IF, timeout=3, filter=
+    "ip6 and src "+dstaddr+" and dst "+SRC_OUT6+" and icmp6")
+for a in ans:
+	if a and a.type == scapy.layers.dot11.ETHER_TYPES.IPv6 and \
+	    ipv6nh[a.payload.nh] == 'ICMPv6' and \
+	    icmp6types[a.payload.payload.type] == 'Echo Reply':
+		id=a.payload.payload.id
+		print "id=%#x" % (id)
+		if id != pid:
+			print "WRONG ECHO REPLY ID"
+			exit(2)
+		data=a.payload.payload.data
+		print "payload=%s" % (data)
+		if data == payload:
+			print "ECHO REPLY"
+			exit(1)
+		print "PAYLOAD!=%s" % (payload)
+		exit(2)
+print "no echo reply"
+exit(0)
diff --git a/regress/sys/netinet6/frag6/frag6_overhead.py b/regress/sys/netinet6/frag6/frag6_overhead.py
index 388258358bc..295eaebab1c 100644
--- a/regress/sys/netinet6/frag6/frag6_overhead.py
+++ b/regress/sys/netinet6/frag6/frag6_overhead.py
@@ -44,8 +44,9 @@ for a in ans:
 		data=a.payload.payload.data
 		print "payload=%s" % (data)
 		if data == payload:
-			exit(0)
+			print "ECHO REPLY"
+			exit(1)
 		print "PAYLOAD!=%s" % (payload)
-		exit(1)
-print "NO ECHO REPLY"
-exit(2)
+		exit(2)
+print "no echo reply"
+exit(0)
diff --git a/regress/sys/netinet6/frag6/frag6_overhead0.py b/regress/sys/netinet6/frag6/frag6_overhead0.py
index c272a8042d1..0bfdb1c0202 100644
--- a/regress/sys/netinet6/frag6/frag6_overhead0.py
+++ b/regress/sys/netinet6/frag6/frag6_overhead0.py
@@ -42,8 +42,9 @@ for a in ans:
 		data=a.payload.payload.data
 		print "payload=%s" % (data)
 		if data == payload:
-			exit(0)
+			print "ECHO REPLY"
+			exit(1)
 		print "PAYLOAD!=%s" % (payload)
-		exit(1)
-print "NO ECHO REPLY"
-exit(2)
+		exit(2)
+print "no echo reply"
+exit(0)
diff --git a/regress/sys/netinet6/frag6/frag6_overtail.py b/regress/sys/netinet6/frag6/frag6_overtail.py
index dc4d40b215b..1001a8d3fba 100644
--- a/regress/sys/netinet6/frag6/frag6_overtail.py
+++ b/regress/sys/netinet6/frag6/frag6_overtail.py
@@ -42,8 +42,9 @@ for a in ans:
 		data=a.payload.payload.data
 		print "payload=%s" % (data)
 		if data == payload:
-			exit(0)
+			print "ECHO REPLY"
+			exit(1)
 		print "PAYLOAD!=%s" % (payload)
-		exit(1)
-print "NO ECHO REPLY"
-exit(2)
+		exit(2)
+print "no echo reply"
+exit(0)