Module Name: src
Committed By: maxv
Date: Mon Sep 17 08:11:27 UTC 2018
Modified Files:
src/sys/netinet: ip_reass.c
Log Message:
Kick fragments that would introduce several !MFFs in a reassembly chain.
The problem arises if we receive three fragments of the kind
3. A -> has MFF
1. B -> doesn't have MFF
2. C -> doesn't have MFF
Because of the received order B->C->A, we don't see that B is !MFF, and
therefore that there is a problem in this chain.
Now we do two checks, and drop us if:
* there is a fragment preceding us, and this fragment is !MFF, or
* there is a fragment following us, and we are !MFF
Spotted a long time ago.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/sys/netinet/ip_reass.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/ip_reass.c
diff -u src/sys/netinet/ip_reass.c:1.19 src/sys/netinet/ip_reass.c:1.20
--- src/sys/netinet/ip_reass.c:1.19 Mon Sep 17 06:01:36 2018
+++ src/sys/netinet/ip_reass.c Mon Sep 17 08:11:27 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_reass.c,v 1.19 2018/09/17 06:01:36 maxv Exp $ */
+/* $NetBSD: ip_reass.c,v 1.20 2018/09/17 08:11:27 maxv Exp $ */
/*
* Copyright (c) 1982, 1986, 1988, 1993
@@ -46,7 +46,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_reass.c,v 1.19 2018/09/17 06:01:36 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_reass.c,v 1.20 2018/09/17 08:11:27 maxv Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -287,9 +287,13 @@ ip_reass(ipfr_qent_t *ipqe, ipfr_queue_t
}
/*
- * If there is a preceding segment, it may provide some of our
- * data already. If so, drop the data from the incoming segment.
- * If it provides all of our data, drop us.
+ * Look at the preceding segment.
+ *
+ * If it provides some of our data already, in part or entirely, trim
+ * us or drop us.
+ *
+ * If a preceding segment exists, and was marked as the last segment,
+ * drop us.
*/
if (p != NULL) {
i = p->ipqe_off + p->ipqe_len - ipqe->ipqe_off;
@@ -302,10 +306,17 @@ ip_reass(ipfr_qent_t *ipqe, ipfr_queue_t
ipqe->ipqe_len = ipqe->ipqe_len - i;
}
}
+ if (p != NULL && !p->ipqe_mff) {
+ goto dropfrag;
+ }
/*
- * While we overlap succeeding segments trim them or, if they are
- * completely covered, dequeue them.
+ * Look at the segments that follow.
+ *
+ * If we cover them, in part or entirely, trim them or dequeue them.
+ *
+ * If a following segment exists, and we are marked as the last
+ * segment, drop us.
*/
while (q != NULL) {
i = ipqe->ipqe_off + ipqe->ipqe_len - q->ipqe_off;
@@ -326,6 +337,9 @@ ip_reass(ipfr_qent_t *ipqe, ipfr_queue_t
ip_nfrags--;
q = nq;
}
+ if (q != NULL && !ipqe->ipqe_mff) {
+ goto dropfrag;
+ }
insert:
/*
