freebsd-skq/sys/netinet6
Kristof Provost 00eab743ab pf: Fix possible incorrect IPv6 fragmentation
When forwarding pf tracks the size of the largest fragment in a fragmented
packet, and refragments based on this size.
It failed to ensure that this size was a multiple of 8 (as is required for all
but the last fragment), so it could end up generating incorrect fragments.

For example, if we received an 8 byte and 12 byte fragment pf would emit a first
fragment with 12 bytes of payload and the final fragment would claim to be at
offset 8 (not 12).

We now assert that the fragment size is a multiple of 8 in ip6_fragment(), so
other users won't make the same mistake.

Reported by:	Antonios Atlasis <aatlasis at secfu net>
MFC after:	3 days
2017-04-20 09:05:53 +00:00
..
dest6.c
frag6.c When IPv6 fragments reassembly is complete, update mbuf's csum_data 2017-02-28 22:58:19 +00:00
icmp6.c Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0 2017-03-17 16:50:37 +00:00
icmp6.h
in6_cksum.c Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
in6_fib.c Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
in6_fib.h Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
in6_gif.c
in6_ifattach.c Garbage collect IFT_IEEE80211 (but leave the define for possible reuse) 2017-01-28 17:08:40 +00:00
in6_ifattach.h Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
in6_jail.c Allow explicitly assigned IPv6 loopback address to be used in jails 2017-03-31 09:10:05 +00:00
in6_mcast.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
in6_pcb.c The patch provides the same socket option as Linux IP_ORIGDSTADDR. 2017-03-06 04:01:58 +00:00
in6_pcb.h The patch provides the same socket option as Linux IP_ORIGDSTADDR. 2017-03-06 04:01:58 +00:00
in6_pcbgroup.c Unbreak the RSS/PCBGROUp build. 2016-03-31 00:53:23 +00:00
in6_proto.c Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
in6_rmx.c Code duplication but rib_head is special. Not found an easy way to go 2016-02-03 21:56:51 +00:00
in6_rss.c
in6_rss.h
in6_src.c Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0 2017-03-17 16:50:37 +00:00
in6_var.h Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
in6.c Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0 2017-03-17 16:50:37 +00:00
in6.h The patch provides the same socket option as Linux IP_ORIGDSTADDR. 2017-03-06 04:01:58 +00:00
ip6_ecn.h
ip6_fastfwd.c Add ip6_tryforward() - a run to completion forwarding implementation 2016-12-12 10:57:32 +00:00
ip6_forward.c Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ip6_gre.c
ip6_id.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
ip6_input.c Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
ip6_mroute.c Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
ip6_mroute.h
ip6_output.c pf: Fix possible incorrect IPv6 fragmentation 2017-04-20 09:05:53 +00:00
ip6_var.h Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
ip6.h
ip6protosw.h Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
ip_fw_nat64.h Add ipfw_nat64 module that implements stateless and stateful NAT64. 2016-08-13 16:09:49 +00:00
ip_fw_nptv6.h Add ipfw_nptv6 module that implements Network Prefix Translation for IPv6 2016-07-18 19:46:31 +00:00
mld6_var.h
mld6.c Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
mld6.h
nd6_nbr.c Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0 2017-03-17 16:50:37 +00:00
nd6_rtr.c Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0 2017-03-17 16:50:37 +00:00
nd6.c Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0 2017-03-17 16:50:37 +00:00
nd6.h Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0 2017-03-17 16:50:37 +00:00
pim6_var.h
pim6.h
raw_ip6.c The patch provides the same socket option as Linux IP_ORIGDSTADDR. 2017-03-06 04:01:58 +00:00
raw_ip6.h
route6.c
scope6_var.h
scope6.c Add a missing newline to a log message. 2016-02-12 21:17:00 +00:00
sctp6_usrreq.c Remove IPsec related PCB code from SCTP. 2017-02-13 11:37:52 +00:00
sctp6_var.h Whitespace changes. 2016-12-06 10:21:25 +00:00
send.c
send.h
tcp6_var.h Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
udp6_usrreq.c Rework r316770 to make it protocol independent and general, like we 2017-04-14 09:00:48 +00:00
udp6_var.h Renumber copyright clause 4 2017-02-28 23:42:47 +00:00