Module Name: src
Committed By: maxv
Date: Tue Mar 13 16:23:40 UTC 2018
Modified Files:
src/sys/net/npf: npf_inet.c
Log Message:
Mmh, put back the RFC6946 check (about dummy fragments), otherwise NPF
is not happy in npf_reassembly, because NPC_IPFRAG is again returned after
the packet was reassembled.
I'm wondering whether it would not be better to just remove the fragment
header in frag6_input directly.
To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 src/sys/net/npf/npf_inet.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_inet.c
diff -u src/sys/net/npf/npf_inet.c:1.40 src/sys/net/npf/npf_inet.c:1.41
--- src/sys/net/npf/npf_inet.c:1.40 Tue Mar 13 09:04:02 2018
+++ src/sys/net/npf/npf_inet.c Tue Mar 13 16:23:40 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_inet.c,v 1.40 2018/03/13 09:04:02 maxv Exp $ */
+/* $NetBSD: npf_inet.c,v 1.41 2018/03/13 16:23:40 maxv Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -40,7 +40,7 @@
#ifdef _KERNEL
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.40 2018/03/13 09:04:02 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.41 2018/03/13 16:23:40 maxv Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -392,6 +392,13 @@ npf_cache_ip(npf_cache_t *npc, nbuf_t *n
if (ip6f == NULL)
return NPC_FMTERR;
+ /* RFC6946: Skip dummy fragments. */
+ if (!ntohs(ip6f->ip6f_offlg & IP6F_OFF_MASK) &&
+ !(ip6f->ip6f_offlg & IP6F_MORE_FRAG)) {
+ hlen = sizeof(struct ip6_frag);
+ break;
+ }
+
hlen = 0;
flags |= NPC_IPFRAG;
