netinet6

Andrey V. Elsukov Fri, 15 Dec 2017 04:37:44 -0800

Author: ae
Date: Fri Dec 15 12:37:32 2017
New Revision: 326876
URL: https://svnweb.freebsd.org/changeset/base/326876


Log:
  Follow the RFC6980 and silently ignore following IPv6 NDP messages
  that had the IPv6 fragmentation header:
   o  Neighbor Solicitation
   o  Neighbor Advertisement
   o  Router Solicitation
   o  Router Advertisement
   o  Redirect
  
  Introduce M_FRAGMENTED mbuf flag, and set it after IPv6 fragment reassembly
  is completed. Then check the presence of this flag in correspondig ND6
  handling routines.
  
  PR:           224247
  MFC after:    2 weeks

Modified:
  head/sys/netinet6/frag6.c
  head/sys/netinet6/icmp6.c
  head/sys/netinet6/in6.h
  head/sys/netinet6/nd6_nbr.c
  head/sys/netinet6/nd6_rtr.c

Modified: head/sys/netinet6/frag6.c
==============================================================================
--- head/sys/netinet6/frag6.c   Fri Dec 15 06:44:11 2017        (r326875)
+++ head/sys/netinet6/frag6.c   Fri Dec 15 12:37:32 2017        (r326876)
@@ -227,6 +227,7 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
                IP6STAT_INC(ip6s_reassembled);
                in6_ifstat_inc(dstifp, ifs6_reass_ok);
                *offp = offset;
+               m->m_flags |= M_FRAGMENTED;
                return (ip6f->ip6f_nxt);
        }
 
@@ -827,5 +828,6 @@ ip6_deletefraghdr(struct mbuf *m, int offset, int wait
                m_cat(m, t);
        }
 
+       m->m_flags |= M_FRAGMENTED;
        return (0);
 }

Modified: head/sys/netinet6/icmp6.c
==============================================================================
--- head/sys/netinet6/icmp6.c   Fri Dec 15 06:44:11 2017        (r326875)
+++ head/sys/netinet6/icmp6.c   Fri Dec 15 12:37:32 2017        (r326876)
@@ -2252,6 +2252,10 @@ icmp6_redirect_input(struct mbuf *m, int off)
        if (!V_icmp6_rediraccept)
                goto freeit;
 
+       /* RFC 6980: Nodes MUST silently ignore fragments */
+       if(m->m_flags & M_FRAGMENTED)
+               goto freeit;
+
 #ifndef PULLDOWN_TEST
        IP6_EXTHDR_CHECK(m, off, icmp6len,);
        nd_rd = (struct nd_redirect *)((caddr_t)ip6 + off);

Modified: head/sys/netinet6/in6.h
==============================================================================
--- head/sys/netinet6/in6.h     Fri Dec 15 06:44:11 2017        (r326875)
+++ head/sys/netinet6/in6.h     Fri Dec 15 12:37:32 2017        (r326876)
@@ -658,6 +658,7 @@ struct ip6_mtuinfo {
 #define        M_LOOP                  M_PROTO6
 #define        M_AUTHIPDGM             M_PROTO7
 #define        M_RTALERT_MLD           M_PROTO8
+#define        M_FRAGMENTED            M_PROTO9        /* contained fragment 
header */
 
 #ifdef _KERNEL
 struct cmsghdr;

Modified: head/sys/netinet6/nd6_nbr.c
==============================================================================
--- head/sys/netinet6/nd6_nbr.c Fri Dec 15 06:44:11 2017        (r326875)
+++ head/sys/netinet6/nd6_nbr.c Fri Dec 15 12:37:32 2017        (r326876)
@@ -137,6 +137,10 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len)
        struct sockaddr_dl proxydl;
        char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
 
+       /* RFC 6980: Nodes MUST silently ignore fragments */
+       if(m->m_flags & M_FRAGMENTED)
+               goto freeit;
+
        rflag = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0;
        if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && V_ip6_norbit_raif)
                rflag = 0;
@@ -630,6 +634,10 @@ nd6_na_input(struct mbuf *m, int off, int icmp6len)
        size_t linkhdrsize;
        int lladdr_off;
        char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
+
+       /* RFC 6980: Nodes MUST silently ignore fragments */
+       if(m->m_flags & M_FRAGMENTED)
+               goto freeit;
 
        if (ip6->ip6_hlim != 255) {
                nd6log((LOG_ERR,

Modified: head/sys/netinet6/nd6_rtr.c
==============================================================================
--- head/sys/netinet6/nd6_rtr.c Fri Dec 15 06:44:11 2017        (r326875)
+++ head/sys/netinet6/nd6_rtr.c Fri Dec 15 12:37:32 2017        (r326876)
@@ -139,6 +139,10 @@ nd6_rs_input(struct mbuf *m, int off, int icmp6len)
        if (!V_ip6_forwarding || ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV)
                goto freeit;
 
+       /* RFC 6980: Nodes MUST silently ignore fragments */   
+       if(m->m_flags & M_FRAGMENTED)
+               goto freeit;
+
        /* Sanity checks */
        if (ip6->ip6_hlim != 255) {
                nd6log((LOG_ERR,
@@ -227,6 +231,10 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len)
         * ND6_IFF_ACCEPT_RTADV is on the receiving interface.
         */
        if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV))
+               goto freeit;
+
+       /* RFC 6980: Nodes MUST silently ignore fragments */
+       if(m->m_flags & M_FRAGMENTED)
                goto freeit;
 
        if (ip6->ip6_hlim != 255) {
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

svn commit: r326876 - head/sys/netinet6

Reply via email to