Hi,

Empty IPv6 fragments are reassembled differently by our stack and
pf.  If the payload length is 0, it does not change the content of
the fragment cache.  So pf just drops it early during processing.
But IPv6 requires that when an overlapping fragment is detected,
the whole queue of the fragment is dropped.  That is what our stack
thinks about such a fragment, which is next to an existing fragment
entry.

I think the pf way is smarter.  An empty fragment can never overlap
existing content, there is no ambiguous payload.  Just dropping it
costs less resources than trying to insert it in the queue.

To make the behavior uniform, I want to adapt the IPv6 network
stack.

ok?

bluhm

Index: netinet6/frag6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/frag6.c,v
retrieving revision 1.69
diff -u -p -r1.69 frag6.c
--- netinet6/frag6.c    24 Aug 2016 09:41:12 -0000      1.69
+++ netinet6/frag6.c    20 Oct 2016 22:40:21 -0000
@@ -208,6 +208,12 @@ frag6_input(struct mbuf **mp, int *offp,
                return ip6f->ip6f_nxt;
        }
 
+       /* Ignore empty non atomic fragment, do not classify as overlapping. */
+       if (sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen) <= offset) {
+               m_freem(m);
+               return IPPROTO_DONE;
+       }
+
        IP6Q_LOCK();
 
        /*
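Review bot: the test `sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen) <= offset` only means "no payload" if `offset` has already been advanced past the fragment header to the start of the data, which this hunk does not show; the comment should say it compares the total length against the data offset (and "non atomic" wants a hyphen), since comparing against the offset of the fragment header itself would be off by sizeof(struct ip6_frag). The drop is also silent: `m_freem(m); return IPPROTO_DONE;` bumps no counter, so consider accounting it in ip6stat so the new behaviour is visible in netstat -s.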

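To make the difference between the two behaviours concrete, here is a small C model of one IPv6 reassembly queue.  It is an added example, not code from frag6.c or pf and not bluhm's diff: the names frag6_model_input, reass_queue and the verdict values are invented for this illustration, and the overlap test is a simplified version of the RFC 5722 rule (any overlap discards the whole queue) with the diff's "total length <= data offset" check placed in front of it.  The fragment offsets and lengths in main() are constructed.

```c
/*
 * Simplified model of an IPv6 reassembly queue and the RFC 5722 overlap rule.
 * Added example for illustration only; this is not the OpenBSD kernel's
 * frag6.c and not pf's fragment cache.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FRAGS	8
#define IP6_HDRLEN	40	/* sizeof(struct ip6_hdr) */

struct frag {
	uint16_t off;		/* fragment offset in bytes */
	uint16_t len;		/* payload bytes after the fragment header */
};

struct reass_queue {
	struct frag frags[MAX_FRAGS];	/* kept sorted by off */
	int nfrags;
};

enum verdict {
	V_QUEUED,		/* fragment stored in the queue */
	V_IGNORED_EMPTY,	/* empty fragment dropped before touching the queue */
	V_OVERLAP_FLUSHED,	/* overlap found: whole queue discarded (RFC 5722) */
	V_FULL			/* model limit reached */
};

/*
 * plen is the IPv6 payload length field (it covers the fragment header),
 * data_off is the byte offset of the fragment's data inside the packet,
 * i.e. what the "offset" variable in frag6_input() holds once it has been
 * moved past the fragment header.  ignore_empty selects the pf-style
 * early drop from the diff; false models the old stack behaviour.
 */
enum verdict
frag6_model_input(struct reass_queue *q, uint16_t plen, uint16_t data_off,
    uint16_t fragoff, bool ignore_empty)
{
	uint16_t len;
	int i, prev = -1, next = -1, pos;

	/* The check from the diff: total length <= start of data, no payload. */
	if (ignore_empty && IP6_HDRLEN + plen <= data_off)
		return V_IGNORED_EMPTY;
	len = (IP6_HDRLEN + plen > data_off) ? IP6_HDRLEN + plen - data_off : 0;

	/* Neighbours in the sorted queue: prev starts at or before us, next after. */
	for (i = 0; i < q->nfrags; i++) {
		if (q->frags[i].off > fragoff) {
			next = i;
			break;
		}
		prev = i;
	}

	/*
	 * Overlap rule: prev reaches into us, or we reach into next.  For an
	 * empty fragment that starts exactly where prev starts, the first
	 * test fires although no payload byte is ambiguous.
	 */
	if ((prev >= 0 && q->frags[prev].off + q->frags[prev].len > fragoff) ||
	    (next >= 0 && q->frags[next].off < fragoff + len)) {
		q->nfrags = 0;
		return V_OVERLAP_FLUSHED;
	}

	if (q->nfrags == MAX_FRAGS)
		return V_FULL;
	pos = (next >= 0) ? next : q->nfrags;
	memmove(&q->frags[pos + 1], &q->frags[pos],
	    (q->nfrags - pos) * sizeof(struct frag));
	q->frags[pos].off = fragoff;
	q->frags[pos].len = len;
	q->nfrags++;
	return V_QUEUED;
}

int
main(void)
{
	struct reass_queue q = { { { 0, 0 } }, 0 };

	/* Constructed scenario: two 1024-byte fragments, then an empty one. */
	frag6_model_input(&q, 8 + 1024, 48, 0, true);
	frag6_model_input(&q, 8 + 1024, 48, 1024, true);
	printf("pf-style verdict %d, queue length %d\n",
	    frag6_model_input(&q, 8, 48, 1024, true), q.nfrags);
	printf("stack-style verdict %d, queue length %d\n",
	    frag6_model_input(&q, 8, 48, 1024, false), q.nfrags);
	return 0;
}
```

Run stand-alone, the first line shows the empty fragment being ignored with both real fragments still queued; the second shows the same packet, classified as overlapping, taking the whole queue with it.  An empty fragment placed at the end of the last entry would instead be queued as a zero-length entry and occupy a slot, which is the resource argument from the mail.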