author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2011-03-23 09:26:13 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2011-03-23 09:26:13 +0000 |
commit | 8b9d29df07aae57aa0c4e71eb75da585cea7172a (patch) | |
tree | 237b6107a844af376590568cee5cf4e53abdb749 /sys | |
parent | 5d04f8056892be3b9bc86b4387219a05ed2216eb (diff) |
With pf IPv6 fragment reassembly, a large packet gets refragmented
by pf in the forward path. To avoid dropping the unfragmented
packet in ip6_forward(), move the MTU size check behind pf_test6().
ok claudio@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet6/ip6_forward.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
index 210df948d91..6be4b14f967 100644
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_forward.c,v 1.50 2011/01/09 20:25:46 bluhm Exp $ */
+/* $OpenBSD: ip6_forward.c,v 1.51 2011/03/23 09:26:12 bluhm Exp $ */
 /* $KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $ */
 
 /*
@@ -381,19 +381,6 @@ reroute:
 }
 #endif /* IPSEC */
 
- if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) {
- in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
- if (mcopy) {
- u_long mtu;
-
- mtu = IN6_LINKMTU(rt->rt_ifp);
-
- icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu);
- }
- m_freem(m);
- goto freert;
- }
-
 if (rt->rt_flags & RTF_GATEWAY)
 dst = (struct sockaddr_in6 *)rt->rt_gateway;
 
@@ -497,6 +484,20 @@ reroute:
 }
 #endif
 
+ /* Check the size after pf_test6 to give pf a chance to refragment. */
+ if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) {
+ in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
+ if (mcopy) {
+ u_long mtu;
+
+ mtu = IN6_LINKMTU(rt->rt_ifp);
+
+ icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu);
+ }
+ m_freem(m);
+ goto freert;
+ }
+
 error = nd6_output(rt->rt_ifp, origifp, m, dst, rt);
 if (error) {
 in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard); |
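Review bot: The one-line comment above the relocated size check in the third hunk does not say what the reordering changes for packets that are still too big: they now pass through pf_test6() before being dropped, so rule evaluation and (presumably) state creation happen for traffic that ends in ICMP6_PACKET_TOO_BIG. I would extend it to something like `/* Check the size after pf_test6 to give pf a chance to refragment; packets pf left oversized are dropped here and the error is built from mcopy. */`. Whether mcopy still reflects the packet as the sender emitted it once pf has processed m is not visible in this hunk and is worth confirming, since the sender matches the ICMPv6 error against what it sent. IN6_LINKMTU(rt->rt_ifp) is also evaluated twice in the block and could be read once into `mtu`. ip6_forward() starts and ends outside the hunk.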