summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/net/pf_norm.c515
1 files changed, 284 insertions, 231 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index de3dabd9d3c..875bbb1b261 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.128 2011/02/01 16:10:31 bluhm Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.129 2011/03/23 18:34:17 bluhm Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -63,24 +63,45 @@
#include <net/pfvar.h>
struct pf_frent {
- LIST_ENTRY(pf_frent) fr_next;
- struct ip *fr_ip;
- struct mbuf *fr_m;
+ TAILQ_ENTRY(pf_frent) fr_next;
+ struct mbuf *fe_m;
+ u_int16_t fe_hdrlen; /* ipv4 header lenght with ip options
+ ipv6, extension, fragment header */
+ u_int16_t fe_extoff; /* last extension header offset or 0 */
+ u_int16_t fe_len; /* fragment length */
+ u_int16_t fe_off; /* fragment offset */
+ u_int16_t fe_mff; /* more fragment flag */
};
-#define PFFRAG_SEENLAST 0x0001 /* Seen the last fragment for this */
+/* keep synced with struct pf_fragment, used in RB_FIND */
+struct pf_fragment_cmp {
+ struct pf_addr fr_src;
+ struct pf_addr fr_dst;
+ u_int32_t fr_id;
+ sa_family_t fr_af;
+ u_int8_t fr_proto;
+ u_int8_t fr_direction;
+};
struct pf_fragment {
+ struct pf_addr fr_src; /* ip source address */
+ struct pf_addr fr_dst; /* ip destination address */
+ u_int32_t fr_id; /* fragment id for reassemble */
+ sa_family_t fr_af; /* address family */
+ u_int8_t fr_proto; /* protocol of this fragment */
+ u_int8_t fr_direction; /* pf packet direction */
+
RB_ENTRY(pf_fragment) fr_entry;
TAILQ_ENTRY(pf_fragment) frag_next;
- struct in_addr fr_src;
- struct in_addr fr_dst;
- u_int8_t fr_p; /* protocol of this fragment */
- u_int8_t fr_flags; /* status flags */
- u_int16_t fr_id; /* fragment id for reassemble */
- u_int16_t fr_max; /* fragment data max */
u_int32_t fr_timeout;
- LIST_HEAD(pf_fragq, pf_frent) fr_queue;
+ u_int16_t fr_maxlen; /* maximum length of single fragment */
+ TAILQ_HEAD(pf_fragq, pf_frent) fr_queue;
+};
+
+struct pf_fragment_tag {
+ u_int16_t ft_hdrlen; /* header lenght of reassembled pkt */
+ u_int16_t ft_extoff; /* last extension header offset or 0 */
+ u_int16_t ft_maxlen; /* maximum fragment payload length */
};
TAILQ_HEAD(pf_fragqueue, pf_fragment) pf_fragqueue;
@@ -92,13 +113,18 @@ RB_PROTOTYPE(pf_frag_tree, pf_fragment, fr_entry, pf_frag_compare);
RB_GENERATE(pf_frag_tree, pf_fragment, fr_entry, pf_frag_compare);
/* Private prototypes */
-void pf_ip2key(struct pf_fragment *, struct ip *);
void pf_remove_fragment(struct pf_fragment *);
void pf_flush_fragments(void);
void pf_free_fragment(struct pf_fragment *);
-struct pf_fragment *pf_find_fragment(struct ip *, struct pf_frag_tree *);
-int pf_reassemble(struct mbuf **, struct pf_fragment **,
- struct pf_frent *, int, u_short *);
+struct pf_fragment *pf_find_fragment(struct pf_fragment_cmp *,
+ struct pf_frag_tree *);
+struct pf_frent *pf_create_fragment(u_short *);
+struct pf_fragment *pf_fillup_fragment(struct pf_fragment_cmp *,
+ struct pf_frent *, u_short *);
+int pf_isfull_fragment(struct pf_fragment *);
+struct mbuf *pf_join_fragment(struct pf_fragment *);
+int pf_reassemble(struct mbuf **, struct ip *, int,
+ u_short *);
/* Globals */
struct pool pf_frent_pl, pf_frag_pl;
@@ -126,18 +152,16 @@ pf_frag_compare(struct pf_fragment *a, struct pf_fragment *b)
{
int diff;
- if ((diff = a->fr_id - b->fr_id))
+ if ((diff = a->fr_id - b->fr_id) != 0)
return (diff);
- else if ((diff = a->fr_p - b->fr_p))
+ if ((diff = a->fr_proto - b->fr_proto) != 0)
+ return (diff);
+ if ((diff = a->fr_af - b->fr_af) != 0)
+ return (diff);
+ if ((diff = pf_addr_compare(&a->fr_src, &b->fr_src, a->fr_af)) != 0)
+ return (diff);
+ if ((diff = pf_addr_compare(&a->fr_dst, &b->fr_dst, a->fr_af)) != 0)
return (diff);
- else if (a->fr_src.s_addr < b->fr_src.s_addr)
- return (-1);
- else if (a->fr_src.s_addr > b->fr_src.s_addr)
- return (1);
- else if (a->fr_dst.s_addr < b->fr_dst.s_addr)
- return (-1);
- else if (a->fr_dst.s_addr > b->fr_dst.s_addr)
- return (1);
return (0);
}
@@ -186,11 +210,11 @@ pf_free_fragment(struct pf_fragment *frag)
struct pf_frent *frent;
/* Free all fragments */
- for (frent = LIST_FIRST(&frag->fr_queue); frent;
- frent = LIST_FIRST(&frag->fr_queue)) {
- LIST_REMOVE(frent, fr_next);
+ for (frent = TAILQ_FIRST(&frag->fr_queue); frent;
+ frent = TAILQ_FIRST(&frag->fr_queue)) {
+ TAILQ_REMOVE(&frag->fr_queue, frent, fr_next);
- m_freem(frent->fr_m);
+ m_freem(frent->fe_m);
pool_put(&pf_frent_pl, frent);
pf_nfrents--;
}
@@ -198,24 +222,12 @@ pf_free_fragment(struct pf_fragment *frag)
pf_remove_fragment(frag);
}
-void
-pf_ip2key(struct pf_fragment *key, struct ip *ip)
-{
- key->fr_p = ip->ip_p;
- key->fr_id = ip->ip_id;
- key->fr_src.s_addr = ip->ip_src.s_addr;
- key->fr_dst.s_addr = ip->ip_dst.s_addr;
-}
-
struct pf_fragment *
-pf_find_fragment(struct ip *ip, struct pf_frag_tree *tree)
+pf_find_fragment(struct pf_fragment_cmp *key, struct pf_frag_tree *tree)
{
- struct pf_fragment key;
struct pf_fragment *frag;
- pf_ip2key(&key, ip);
-
- frag = RB_FIND(pf_frag_tree, tree, &key);
+ frag = RB_FIND(pf_frag_tree, tree, (struct pf_fragment *)key);
if (frag != NULL) {
/* XXX Are we sure we want to update the timeout? */
frag->fr_timeout = time_second;
@@ -236,196 +248,297 @@ pf_remove_fragment(struct pf_fragment *frag)
pool_put(&pf_frag_pl, frag);
}
-#define FR_IP_OFF(fr) ((ntohs((fr)->fr_ip->ip_off) & IP_OFFMASK) << 3)
-int
-pf_reassemble(struct mbuf **m0, struct pf_fragment **frag,
- struct pf_frent *frent, int mff, u_short *reason)
+struct pf_frent *
+pf_create_fragment(u_short *reason)
{
- struct mbuf *m = *m0, *m2;
- struct pf_frent *frea, *next;
- struct pf_frent *frep = NULL;
- struct ip *ip = frent->fr_ip;
- int hlen = ip->ip_hl << 2;
- u_int16_t off = (ntohs(ip->ip_off) & IP_OFFMASK) << 3;
- u_int16_t ip_len = ntohs(ip->ip_len) - ip->ip_hl * 4;
- u_int16_t max = ip_len + off;
-
- /* Strip off ip header */
- m->m_data += hlen;
- m->m_len -= hlen;
+ struct pf_frent *frent;
+
+ frent = pool_get(&pf_frent_pl, PR_NOWAIT);
+ if (frent == NULL) {
+ pf_flush_fragments();
+ frent = pool_get(&pf_frent_pl, PR_NOWAIT);
+ if (frent == NULL) {
+ REASON_SET(reason, PFRES_MEMORY);
+ return (NULL);
+ }
+ }
+ pf_nfrents++;
+
+ return (frent);
+}
+
+struct pf_fragment *
+pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent,
+ u_short *reason)
+{
+ struct pf_frent *after, *next, *prev;
+ struct pf_fragment *frag;
+ u_int16_t total;
+
+ /* No empty fragments */
+ if (frent->fe_len == 0) {
+ DPFPRINTF(LOG_NOTICE, "bad fragment: len 0");
+ goto bad_fragment;
+ }
+
+ /* All fragments are 8 byte aligned */
+ if (frent->fe_mff && (frent->fe_len & 0x7)) {
+ DPFPRINTF(LOG_NOTICE, "bad fragment: mff and len %d",
+ frent->fe_len);
+ goto bad_fragment;
+ }
+
+ /* Respect maximum length, IP_MAXPACKET == IPV6_MAXPACKET */
+ if (frent->fe_off + frent->fe_len > IP_MAXPACKET) {
+ DPFPRINTF(LOG_NOTICE, "bad fragment: max packet %d",
+ frent->fe_off + frent->fe_len);
+ goto bad_fragment;
+ }
+
+ DPFPRINTF(LOG_NOTICE, key->fr_af == AF_INET ?
+ "reass frag %d @ %d-%d" : "reass frag %#08x @ %d-%d",
+ key->fr_id, frent->fe_off, frent->fe_off + frent->fe_len);
+
+ /* Fully buffer all of the fragments in this fragment queue */
+ frag = pf_find_fragment(key, &pf_frag_tree);
/* Create a new reassembly queue for this packet */
- if (*frag == NULL) {
- *frag = pool_get(&pf_frag_pl, PR_NOWAIT);
- if (*frag == NULL) {
+ if (frag == NULL) {
+ frag = pool_get(&pf_frag_pl, PR_NOWAIT);
+ if (frag == NULL) {
pf_flush_fragments();
- *frag = pool_get(&pf_frag_pl, PR_NOWAIT);
- if (*frag == NULL) {
+ frag = pool_get(&pf_frag_pl, PR_NOWAIT);
+ if (frag == NULL) {
REASON_SET(reason, PFRES_MEMORY);
goto drop_fragment;
}
}
- (*frag)->fr_flags = 0;
- (*frag)->fr_max = 0;
- (*frag)->fr_src = frent->fr_ip->ip_src;
- (*frag)->fr_dst = frent->fr_ip->ip_dst;
- (*frag)->fr_p = frent->fr_ip->ip_p;
- (*frag)->fr_id = frent->fr_ip->ip_id;
- (*frag)->fr_timeout = time_second;
- LIST_INIT(&(*frag)->fr_queue);
+ *(struct pf_fragment_cmp *)frag = *key;
+ frag->fr_timeout = time_second;
+ frag->fr_maxlen = frent->fe_len;
+ TAILQ_INIT(&frag->fr_queue);
- RB_INSERT(pf_frag_tree, &pf_frag_tree, *frag);
- TAILQ_INSERT_HEAD(&pf_fragqueue, *frag, frag_next);
+ RB_INSERT(pf_frag_tree, &pf_frag_tree, frag);
+ TAILQ_INSERT_HEAD(&pf_fragqueue, frag, frag_next);
/* We do not have a previous fragment */
- frep = NULL;
- goto insert;
+ TAILQ_INSERT_HEAD(&frag->fr_queue, frent, fr_next);
+
+ return (frag);
}
- /*
- * Find a fragment after the current one:
- * - off contains the real shifted offset.
- */
- LIST_FOREACH(frea, &(*frag)->fr_queue, fr_next) {
- if (FR_IP_OFF(frea) > off)
+ KASSERT(!TAILQ_EMPTY(&frag->fr_queue));
+
+ /* Remember maximum fragment len for refragmentation */
+ if (frent->fe_len > frag->fr_maxlen)
+ frag->fr_maxlen = frent->fe_len;
+
+ /* Maximum data we have seen already */
+ total = TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_off +
+ TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_len;
+
+ /* Non terminal fragments must have more fragments flag */
+ if (frent->fe_off + frent->fe_len < total && !frent->fe_mff)
+ goto bad_fragment;
+
+ /* Check if we saw the last fragment already */
+ if (!TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_mff) {
+ if (frent->fe_off + frent->fe_len > total ||
+ (frent->fe_off + frent->fe_len == total && frent->fe_mff))
+ goto bad_fragment;
+ } else {
+ if (frent->fe_off + frent->fe_len == total && !frent->fe_mff)
+ goto bad_fragment;
+ }
+
+ /* Find a fragment after the current one */
+ prev = NULL;
+ TAILQ_FOREACH(after, &frag->fr_queue, fr_next) {
+ if (after->fe_off > frent->fe_off)
break;
- frep = frea;
+ prev = after;
}
- KASSERT(frep != NULL || frea != NULL);
+ KASSERT(prev != NULL || after != NULL);
- if (frep != NULL &&
- FR_IP_OFF(frep) + ntohs(frep->fr_ip->ip_len) - frep->fr_ip->ip_hl *
- 4 > off)
- {
+ if (prev != NULL && prev->fe_off + prev->fe_len > frent->fe_off) {
u_int16_t precut;
- precut = FR_IP_OFF(frep) + ntohs(frep->fr_ip->ip_len) -
- frep->fr_ip->ip_hl * 4 - off;
- if (precut >= ip_len)
+ precut = prev->fe_off + prev->fe_len - frent->fe_off;
+ if (precut >= frent->fe_len)
goto bad_fragment;
- m_adj(frent->fr_m, precut);
DPFPRINTF(LOG_NOTICE, "overlap -%d", precut);
- /* Enforce 8 byte boundaries */
- ip->ip_off = htons(ntohs(ip->ip_off) + (precut >> 3));
- off = (ntohs(ip->ip_off) & IP_OFFMASK) << 3;
- ip_len -= precut;
- ip->ip_len = htons(ip_len);
+ m_adj(frent->fe_m, precut);
+ frent->fe_off += precut;
+ frent->fe_len -= precut;
}
- for (; frea != NULL && ip_len + off > FR_IP_OFF(frea);
- frea = next)
+ for (; after != NULL && frent->fe_off + frent->fe_len > after->fe_off;
+ after = next)
{
u_int16_t aftercut;
- aftercut = ip_len + off - FR_IP_OFF(frea);
+ aftercut = frent->fe_off + frent->fe_len - after->fe_off;
DPFPRINTF(LOG_NOTICE, "adjust overlap %d", aftercut);
- if (aftercut < ntohs(frea->fr_ip->ip_len) - frea->fr_ip->ip_hl
- * 4)
- {
- frea->fr_ip->ip_len =
- htons(ntohs(frea->fr_ip->ip_len) - aftercut);
- frea->fr_ip->ip_off = htons(ntohs(frea->fr_ip->ip_off) +
- (aftercut >> 3));
- m_adj(frea->fr_m, aftercut);
+ if (aftercut < after->fe_len) {
+ m_adj(after->fe_m, aftercut);
+ after->fe_off += aftercut;
+ after->fe_len -= aftercut;
break;
}
/* This fragment is completely overlapped, lose it */
- next = LIST_NEXT(frea, fr_next);
- m_freem(frea->fr_m);
- LIST_REMOVE(frea, fr_next);
- pool_put(&pf_frent_pl, frea);
+ next = TAILQ_NEXT(after, fr_next);
+ m_freem(after->fe_m);
+ TAILQ_REMOVE(&frag->fr_queue, after, fr_next);
+ pool_put(&pf_frent_pl, after);
pf_nfrents--;
}
- insert:
- /* Update maximum data size */
- if ((*frag)->fr_max < max)
- (*frag)->fr_max = max;
- /* This is the last segment */
- if (!mff)
- (*frag)->fr_flags |= PFFRAG_SEENLAST;
-
- if (frep == NULL)
- LIST_INSERT_HEAD(&(*frag)->fr_queue, frent, fr_next);
+ if (prev == NULL)
+ TAILQ_INSERT_HEAD(&frag->fr_queue, frent, fr_next);
else
- LIST_INSERT_AFTER(frep, frent, fr_next);
+ TAILQ_INSERT_AFTER(&frag->fr_queue, prev, frent, fr_next);
- /* The mbuf is part of the fragment entry, no direct free or access */
- m = *m0 = NULL;
+ return (frag);
+
+ bad_fragment:
+ REASON_SET(reason, PFRES_FRAG);
+ drop_fragment:
+ pool_put(&pf_frent_pl, frent);
+ pf_nfrents--;
+ return (NULL);
+}
+
+int
+pf_isfull_fragment(struct pf_fragment *frag)
+{
+ struct pf_frent *frent, *next;
+ u_int16_t off, total;
/* Check if we are completely reassembled */
- if (!((*frag)->fr_flags & PFFRAG_SEENLAST))
- return (PF_PASS);
+ if (TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_mff)
+ return (0);
+
+ /* Maximum data we have seen already */
+ total = TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_off +
+ TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_len;
/* Check if we have all the data */
off = 0;
- for (frep = LIST_FIRST(&(*frag)->fr_queue); frep; frep = next) {
- next = LIST_NEXT(frep, fr_next);
+ for (frent = TAILQ_FIRST(&frag->fr_queue); frent; frent = next) {
+ next = TAILQ_NEXT(frent, fr_next);
- off += ntohs(frep->fr_ip->ip_len) - frep->fr_ip->ip_hl * 4;
- if (off < (*frag)->fr_max &&
- (next == NULL || FR_IP_OFF(next) != off))
- {
+ off += frent->fe_len;
+ if (off < total && (next == NULL || next->fe_off != off)) {
DPFPRINTF(LOG_NOTICE,
- "missing fragment at %d, next %d, max %d",
- off, next == NULL ? -1 : FR_IP_OFF(next),
- (*frag)->fr_max);
- return (PF_PASS);
+ "missing fragment at %d, next %d, total %d",
+ off, next == NULL ? -1 : next->fe_off, total);
+ return (0);
}
}
- DPFPRINTF(LOG_NOTICE, "%d < %d?", off, (*frag)->fr_max);
- if (off < (*frag)->fr_max)
- return (PF_PASS);
+ DPFPRINTF(LOG_NOTICE, "%d < %d?", off, total);
+ if (off < total)
+ return (0);
+ KASSERT(off == total);
- /* We have all the data */
- frent = LIST_FIRST(&(*frag)->fr_queue);
- KASSERT(frent != NULL);
- next = LIST_NEXT(frent, fr_next);
+ return (1);
+}
+
+struct mbuf *
+pf_join_fragment(struct pf_fragment *frag)
+{
+ struct mbuf *m, *m2;
+ struct pf_frent *frent, *next;
+
+ frent = TAILQ_FIRST(&frag->fr_queue);
+ next = TAILQ_NEXT(frent, fr_next);
/* Magic from ip_input */
- ip = frent->fr_ip;
- m = frent->fr_m;
+ m = frent->fe_m;
m2 = m->m_next;
m->m_next = NULL;
m_cat(m, m2);
pool_put(&pf_frent_pl, frent);
pf_nfrents--;
for (frent = next; frent != NULL; frent = next) {
- next = LIST_NEXT(frent, fr_next);
+ next = TAILQ_NEXT(frent, fr_next);
- m2 = frent->fr_m;
+ m2 = frent->fe_m;
+ /* Strip off ip header */
+ m_adj(m2, frent->fe_hdrlen);
pool_put(&pf_frent_pl, frent);
pf_nfrents--;
m_cat(m, m2);
}
- ip->ip_src = (*frag)->fr_src;
- ip->ip_dst = (*frag)->fr_dst;
-
/* Remove from fragment queue */
- pf_remove_fragment(*frag);
- *frag = NULL;
- *m0 = m;
+ pf_remove_fragment(frag);
+
+ return (m);
+}
+
+int
+pf_reassemble(struct mbuf **m0, struct ip *ip, int dir, u_short *reason)
+{
+ struct mbuf *m = *m0;
+ struct pf_frent *frent;
+ struct pf_fragment *frag;
+ struct pf_fragment_cmp key;
+ u_int16_t total, hdrlen;
+
+ /* Get an entry for the fragment queue */
+ if ((frent = pf_create_fragment(reason)) == NULL)
+ return (PF_DROP);
+
+ frent->fe_m = m;
+ frent->fe_hdrlen = ip->ip_hl << 2;
+ frent->fe_extoff = 0;
+ frent->fe_len = ntohs(ip->ip_len) - (ip->ip_hl << 2);
+ frent->fe_off = (ntohs(ip->ip_off) & IP_OFFMASK) << 3;
+ frent->fe_mff = ntohs(ip->ip_off) & IP_MF;
+
+ key.fr_src.v4 = ip->ip_src;
+ key.fr_dst.v4 = ip->ip_dst;
+ key.fr_af = AF_INET;
+ key.fr_proto = ip->ip_p;
+ key.fr_id = ip->ip_id;
+ key.fr_direction = dir;
+
+ if ((frag = pf_fillup_fragment(&key, frent, reason)) == NULL)
+ return (PF_DROP);
+
+ /* The mbuf is part of the fragment entry, no direct free or access */
+ m = *m0 = NULL;
+
+ if (!pf_isfull_fragment(frag))
+ return (PF_PASS); /* drop because *m0 is NULL, no error */
+
+ /* We have all the data */
+ frent = TAILQ_FIRST(&frag->fr_queue);
+ KASSERT(frent != NULL);
+ total = TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_off +
+ TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_len;
+ hdrlen = frent->fe_hdrlen;
- hlen = ip->ip_hl << 2;
- ip->ip_len = htons(off + hlen);
- m->m_len += hlen;
- m->m_data -= hlen;
+ m = *m0 = pf_join_fragment(frag);
+ frag = NULL;
- /* some debugging cruft by sklower, below, will go away soon */
- /* XXX this should be done elsewhere */
if (m->m_flags & M_PKTHDR) {
int plen = 0;
- for (m2 = m; m2; m2 = m2->m_next)
- plen += m2->m_len;
+ for (m = *m0; m; m = m->m_next)
+ plen += m->m_len;
+ m = *m0;
m->m_pkthdr.len = plen;
}
- if (hlen + off > IP_MAXPACKET) {
- DPFPRINTF(LOG_NOTICE, "drop: too big: %d", off);
+ ip = mtod(m, struct ip *);
+ ip->ip_len = htons(hdrlen + total);
+ ip->ip_off &= ~(IP_MF|IP_OFFMASK);
+
+ if (hdrlen + total > IP_MAXPACKET) {
+ DPFPRINTF(LOG_NOTICE, "drop: too big: %d", total);
ip->ip_len = 0;
REASON_SET(reason, PFRES_SHORT);
/* PF_DROP requires a valid mbuf *m0 in pf_test() */
@@ -434,31 +547,17 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment **frag,
DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip->ip_len));
return (PF_PASS);
-
- bad_fragment:
- REASON_SET(reason, PFRES_FRAG);
- drop_fragment:
- /* Oops - fail safe - drop packet */
- pool_put(&pf_frent_pl, frent);
- pf_nfrents--;
- /* PF_DROP requires a valid mbuf *m0 in pf_test(), will free later */
- return (PF_DROP);
}
int
-pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
- struct pf_pdesc *pd)
+pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif,
+ u_short *reason, struct pf_pdesc *pd)
{
struct mbuf *m = *m0;
- struct pf_frent *frent;
- struct pf_fragment *frag = NULL;
struct ip *h = mtod(m, struct ip *);
- int mff = (ntohs(h->ip_off) & IP_MF);
int hlen = h->ip_hl << 2;
u_int16_t fragoff = (ntohs(h->ip_off) & IP_OFFMASK) << 3;
- u_int16_t max;
- int ip_len;
- int ip_off;
+ u_int16_t mff = (ntohs(h->ip_off) & IP_MF);
/* Check for illegal packets */
if (hlen < (int)sizeof(struct ip))
@@ -484,48 +583,13 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
* no-df above, fine. Otherwise drop it.
*/
if (h->ip_off & htons(IP_DF)) {
- DPFPRINTF(LOG_NOTICE, "IP_DF");
- goto bad;
- }
-
- ip_len = ntohs(h->ip_len) - hlen;
- ip_off = (ntohs(h->ip_off) & IP_OFFMASK) << 3;
-
- /* All fragments are 8 byte aligned */
- if (mff && (ip_len & 0x7)) {
- DPFPRINTF(LOG_NOTICE, "mff and %d", ip_len);
- goto bad;
- }
-
- /* Respect maximum length */
- if (fragoff + ip_len > IP_MAXPACKET) {
- DPFPRINTF(LOG_NOTICE, "max packet %d", fragoff + ip_len);
- goto bad;
- }
- max = fragoff + ip_len;
-
- /* Fully buffer all of the fragments */
- frag = pf_find_fragment(h, &pf_frag_tree);
-
- /* Check if we saw the last fragment already */
- if (frag != NULL && (frag->fr_flags & PFFRAG_SEENLAST) &&
- max > frag->fr_max)
- goto bad;
-
- /* Get an entry for the fragment queue */
- frent = pool_get(&pf_frent_pl, PR_NOWAIT);
- if (frent == NULL) {
- REASON_SET(reason, PFRES_MEMORY);
+ DPFPRINTF(LOG_NOTICE, "bad fragment: IP_DF");
+ REASON_SET(reason, PFRES_FRAG);
return (PF_DROP);
}
- pf_nfrents++;
- frent->fr_ip = h;
- frent->fr_m = m;
/* Returns PF_DROP or *m0 is NULL or completely reassembled mbuf */
- DPFPRINTF(LOG_NOTICE,
- "reass frag %d @ %d-%d", h->ip_id, fragoff, max);
- if (pf_reassemble(m0, &frag, frent, mff, reason) != PF_PASS)
+ if (pf_reassemble(m0, h, dir, reason) != PF_PASS)
return (PF_DROP);
m = *m0;
if (m == NULL)
@@ -548,17 +612,6 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
drop:
REASON_SET(reason, PFRES_NORM);
return (PF_DROP);
-
- bad:
- DPFPRINTF(LOG_NOTICE, "dropping bad fragment");
-
- /* Free associated fragments */
- if (frag != NULL)
- pf_free_fragment(frag);
-
- REASON_SET(reason, PFRES_FRAG);
-
- return (PF_DROP);
}
#ifdef INET6
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-09 11:00:49 +0000