From 1f0aaa2c0b1618972194b09346a3d7f33feaf8a7 Mon Sep 17 00:00:00 2001 From: kp Date: Thu, 18 Jun 2015 20:41:55 +0000 Subject: [PATCH] Merge r280956 pf: Deal with runt packets On Ethernet packets have a minimal length, so very short packets get padding appended to them. This padding is not stripped off in ip6_input() (due to support for IPv6 Jumbograms, RFC2675). That means PF needs to be careful when reassembling fragmented packets to not include the padding in the reassembled packet. While here also remove the 'Magic from ip_input.' bits. Splitting up and re-joining an mbuf chain here doesn't make any sense. Differential Revision: https://reviews.freebsd.org/D2818 Reviewed by: gnn git-svn-id: svn://svn.freebsd.org/base/stable/10@284573 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- sys/netpfil/pf/pf_norm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 8d6d6bb84..624bb3d93 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -582,11 +582,8 @@ pf_join_fragment(struct pf_fragment *frag) frent = TAILQ_FIRST(&frag->fr_queue); next = TAILQ_NEXT(frent, fr_next); - /* Magic from ip_input. */ m = frent->fe_m; - m2 = m->m_next; - m->m_next = NULL; - m_cat(m, m2); + m_adj(m, (frent->fe_hdrlen + frent->fe_len) - m->m_pkthdr.len); uma_zfree(V_pf_frent_z, frent); for (frent = next; frent != NULL; frent = next) { next = TAILQ_NEXT(frent, fr_next); @@ -594,6 +591,9 @@ pf_join_fragment(struct pf_fragment *frag) m2 = frent->fe_m; /* Strip off ip header. */ m_adj(m2, frent->fe_hdrlen); + /* Strip off any trailing bytes. */ + m_adj(m2, frent->fe_len - m2->m_pkthdr.len); + uma_zfree(V_pf_frent_z, frent); m_cat(m, m2); } -- 2.45.0