diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-10-24 11:09:06 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-10-24 11:09:06 +0000 |
| commit | 67fd66d7d5b19e62e59ecf43dd06863d8628cae5 (patch) | |
| tree | 81b1fd1f3620928bca8ad61f4bee04644cc668c6 /sys/netinet6/frag6.c | |
| parent | 1b1e79df27220b31cb1bb014ee19cd8e30769ae3 (diff) | |
When the IPv6 network stack receives an empty non atomic fragment,
just drop it. It can never overlap existing content, there is no
ambiguous payload. So save resources and do not try to insert it
into the queue. This makes our IPv6 stack behave like pf fragment
reassembly.
OK deraadt@
Diffstat (limited to 'sys/netinet6/frag6.c')
| -rw-r--r-- | sys/netinet6/frag6.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/netinet6/frag6.c b/sys/netinet6/frag6.c index 39de30cac21..fb47d20c109 100644 --- a/sys/netinet6/frag6.c +++ b/sys/netinet6/frag6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: frag6.c,v 1.69 2016/08/24 09:41:12 mpi Exp $ */ +/* $OpenBSD: frag6.c,v 1.70 2016/10/24 11:09:05 bluhm Exp $ */ /* $KAME: frag6.c,v 1.40 2002/05/27 21:40:31 itojun Exp $ */ /* @@ -208,6 +208,12 @@ frag6_input(struct mbuf **mp, int *offp, int proto) return ip6f->ip6f_nxt; } + /* Ignore empty non atomic fragment, do not classify as overlapping. */ + if (sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen) <= offset) { + m_freem(m); + return IPPROTO_DONE; + } + IP6Q_LOCK(); /* |