Author: tuexen Date: Thu May 31 16:00:03 2018 New Revision: 334438 URL: https://svnweb.freebsd.org/changeset/base/334438
Log: MFC r333186: Send an ICMPv6 PacketTooBig message in case of forwading a packet which is too big for the outgoing interface and no firewall is involed. This problem was introduced in https://svnweb.freebsd.org/changeset/base/324996 Thanks to Irene Ruengeler for finding the bug and testing the fix. Approved by: re Modified: stable/11/sys/netinet6/ip6_fastfwd.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet6/ip6_fastfwd.c ============================================================================== --- stable/11/sys/netinet6/ip6_fastfwd.c Thu May 31 15:58:28 2018 (r334437) +++ stable/11/sys/netinet6/ip6_fastfwd.c Thu May 31 16:00:03 2018 (r334438) @@ -195,12 +195,19 @@ passin: in6_ifstat_inc(rcvif, ifs6_in_noroute); goto dropin; } + if (!PFIL_HOOKED(&V_inet6_pfil_hook)) { + if (m->m_pkthdr.len > nh.nh_mtu) { + in6_ifstat_inc(nh.nh_ifp, ifs6_in_toobig); + icmp6_error(m, ICMP6_PACKET_TOO_BIG, 0, nh.nh_mtu); + m = NULL; + goto dropout; + } + goto passout; + } /* * Outgoing packet firewall processing. */ - if (!PFIL_HOOKED(&V_inet6_pfil_hook)) - goto passout; if (pfil_run_hooks(&V_inet6_pfil_hook, &m, nh.nh_ifp, PFIL_OUT, PFIL_FWD, NULL) != 0 || m == NULL) goto dropout; _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
