Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 19 Mar 2018 09:54:17 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r331202 - in stable/10: sbin/ipfw sys/netpfil/ipfw
Message-ID:  <201803190954.w2J9sHOJ092766@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: ae
Date: Mon Mar 19 09:54:16 2018
New Revision: 331202
URL: https://svnweb.freebsd.org/changeset/base/331202

Log:
  MFC r330792:
    Do not try to reassemble IPv6 fragments in "reass" rule.
  
    ip_reass() expects IPv4 packet and will just corrupt any IPv6 packets
    that it gets. Until proper IPv6 fragments handling function will be
    implemented, pass IPv6 packets to next rule.
  
    PR:		170604

Modified:
  stable/10/sbin/ipfw/ipfw.8
  stable/10/sys/netpfil/ipfw/ip_fw2.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sbin/ipfw/ipfw.8
==============================================================================
--- stable/10/sbin/ipfw/ipfw.8	Mon Mar 19 09:52:16 2018	(r331201)
+++ stable/10/sbin/ipfw/ipfw.8	Mon Mar 19 09:54:16 2018	(r331202)
@@ -1,7 +1,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 26, 2016
+.Dd March 12, 2018
 .Dt IPFW 8
 .Os
 .Sh NAME
@@ -1016,7 +1016,7 @@ keyword with setdscp.
 If the tablearg value is not within the 0..64 range, lower 6 bits of supplied
 value are used.
 .It Cm reass
-Queue and reassemble IP fragments.
+Queue and reassemble IPv4 fragments.
 If the packet is not fragmented, counters are updated and
 processing continues with the next rule.
 If the packet is the last logical fragment, the packet is reassembled and, if

Modified: stable/10/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/10/sys/netpfil/ipfw/ip_fw2.c	Mon Mar 19 09:52:16 2018	(r331201)
+++ stable/10/sys/netpfil/ipfw/ip_fw2.c	Mon Mar 19 09:54:16 2018	(r331202)
@@ -2461,8 +2461,10 @@ do {								\
 			case O_REASS: {
 				int ip_off;
 
-				IPFW_INC_RULE_COUNTER(f, pktlen);
 				l = 0;	/* in any case exit inner loop */
+				if (is_ipv6) /* IPv6 is not supported yet */
+					break;
+				IPFW_INC_RULE_COUNTER(f, pktlen);
 				ip_off = ntohs(ip->ip_off);
 
 				/* if not fragmented, go to next rule */

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803190954.w2J9sHOJ092766>