Module Name: src Committed By: maxv Date: Tue Mar 13 16:23:40 UTC 2018
Modified Files: src/sys/net/npf: npf_inet.c Log Message: Mmh, put back the RFC6946 check (about dummy fragments), otherwise NPF is not happy in npf_reassembly, because NPC_IPFRAG is again returned after the packet was reassembled. I'm wondering whether it would not be better to just remove the fragment header in frag6_input directly. To generate a diff of this commit: cvs rdiff -u -r1.40 -r1.41 src/sys/net/npf/npf_inet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/npf/npf_inet.c diff -u src/sys/net/npf/npf_inet.c:1.40 src/sys/net/npf/npf_inet.c:1.41 --- src/sys/net/npf/npf_inet.c:1.40 Tue Mar 13 09:04:02 2018 +++ src/sys/net/npf/npf_inet.c Tue Mar 13 16:23:40 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_inet.c,v 1.40 2018/03/13 09:04:02 maxv Exp $ */ +/* $NetBSD: npf_inet.c,v 1.41 2018/03/13 16:23:40 maxv Exp $ */ /*- * Copyright (c) 2009-2014 The NetBSD Foundation, Inc. @@ -40,7 +40,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.40 2018/03/13 09:04:02 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.41 2018/03/13 16:23:40 maxv Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -392,6 +392,13 @@ npf_cache_ip(npf_cache_t *npc, nbuf_t *n if (ip6f == NULL) return NPC_FMTERR; + /* RFC6946: Skip dummy fragments. */ + if (!ntohs(ip6f->ip6f_offlg & IP6F_OFF_MASK) && + !(ip6f->ip6f_offlg & IP6F_MORE_FRAG)) { + hlen = sizeof(struct ip6_frag); + break; + } + hlen = 0; flags |= NPC_IPFRAG;