Date: Fri, 29 Dec 2017 10:47:24 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r327337 - stable/11/sys/netinet6 Message-ID: <201712291047.vBTAlOC5060107@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Fri Dec 29 10:47:24 2017 New Revision: 327337 URL: https://svnweb.freebsd.org/changeset/base/327337 Log: MFC r326876: Follow the RFC6980 and silently ignore following IPv6 NDP messages that had the IPv6 fragmentation header: o Neighbor Solicitation o Neighbor Advertisement o Router Solicitation o Router Advertisement o Redirect Introduce M_FRAGMENTED mbuf flag, and set it after IPv6 fragment reassembly is completed. Then check the presence of this flag in correspondig ND6 handling routines. PR: 224247 Modified: stable/11/sys/netinet6/frag6.c stable/11/sys/netinet6/icmp6.c stable/11/sys/netinet6/in6.h stable/11/sys/netinet6/nd6_nbr.c stable/11/sys/netinet6/nd6_rtr.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet6/frag6.c ============================================================================== --- stable/11/sys/netinet6/frag6.c Fri Dec 29 07:23:18 2017 (r327336) +++ stable/11/sys/netinet6/frag6.c Fri Dec 29 10:47:24 2017 (r327337) @@ -225,6 +225,7 @@ frag6_input(struct mbuf **mp, int *offp, int proto) IP6STAT_INC(ip6s_reassembled); in6_ifstat_inc(dstifp, ifs6_reass_ok); *offp = offset; + m->m_flags |= M_FRAGMENTED; return (ip6f->ip6f_nxt); } @@ -825,5 +826,6 @@ ip6_deletefraghdr(struct mbuf *m, int offset, int wait m_cat(m, t); } + m->m_flags |= M_FRAGMENTED; return (0); } Modified: stable/11/sys/netinet6/icmp6.c ============================================================================== --- stable/11/sys/netinet6/icmp6.c Fri Dec 29 07:23:18 2017 (r327336) +++ stable/11/sys/netinet6/icmp6.c Fri Dec 29 10:47:24 2017 (r327337) @@ -2249,6 +2249,10 @@ icmp6_redirect_input(struct mbuf *m, int off) if (!V_icmp6_rediraccept) goto freeit; + /* RFC 6980: Nodes MUST silently ignore fragments */ + if(m->m_flags & M_FRAGMENTED) + goto freeit; + #ifndef PULLDOWN_TEST IP6_EXTHDR_CHECK(m, off, icmp6len,); nd_rd = (struct nd_redirect *)((caddr_t)ip6 + off); Modified: stable/11/sys/netinet6/in6.h ============================================================================== --- stable/11/sys/netinet6/in6.h Fri Dec 29 07:23:18 2017 (r327336) +++ stable/11/sys/netinet6/in6.h Fri Dec 29 10:47:24 2017 (r327337) @@ -653,6 +653,7 @@ struct ip6_mtuinfo { #define M_LOOP M_PROTO6 #define M_AUTHIPDGM M_PROTO7 #define M_RTALERT_MLD M_PROTO8 +#define M_FRAGMENTED M_PROTO9 /* contained fragment header */ #ifdef _KERNEL struct cmsghdr; Modified: stable/11/sys/netinet6/nd6_nbr.c ============================================================================== --- stable/11/sys/netinet6/nd6_nbr.c Fri Dec 29 07:23:18 2017 (r327336) +++ stable/11/sys/netinet6/nd6_nbr.c Fri Dec 29 10:47:24 2017 (r327337) @@ -135,6 +135,10 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len) struct sockaddr_dl proxydl; char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; + /* RFC 6980: Nodes MUST silently ignore fragments */ + if(m->m_flags & M_FRAGMENTED) + goto freeit; + rflag = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0; if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && V_ip6_norbit_raif) rflag = 0; @@ -628,6 +632,10 @@ nd6_na_input(struct mbuf *m, int off, int icmp6len) size_t linkhdrsize; int lladdr_off; char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; + + /* RFC 6980: Nodes MUST silently ignore fragments */ + if(m->m_flags & M_FRAGMENTED) + goto freeit; if (ip6->ip6_hlim != 255) { nd6log((LOG_ERR, Modified: stable/11/sys/netinet6/nd6_rtr.c ============================================================================== --- stable/11/sys/netinet6/nd6_rtr.c Fri Dec 29 07:23:18 2017 (r327336) +++ stable/11/sys/netinet6/nd6_rtr.c Fri Dec 29 10:47:24 2017 (r327337) @@ -137,6 +137,10 @@ nd6_rs_input(struct mbuf *m, int off, int icmp6len) if (!V_ip6_forwarding || ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) goto freeit; + /* RFC 6980: Nodes MUST silently ignore fragments */ + if(m->m_flags & M_FRAGMENTED) + goto freeit; + /* Sanity checks */ if (ip6->ip6_hlim != 255) { nd6log((LOG_ERR, @@ -225,6 +229,10 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len) * ND6_IFF_ACCEPT_RTADV is on the receiving interface. */ if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV)) + goto freeit; + + /* RFC 6980: Nodes MUST silently ignore fragments */ + if(m->m_flags & M_FRAGMENTED) goto freeit; if (ip6->ip6_hlim != 255) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201712291047.vBTAlOC5060107>