On World IPv6 Day I was asked by bz@ to re-spin the patch supplied in
the PR with the second and third IPv6 fragment issues listed in the PR
fixed, but not the first (discarding IPv6 packets with a fragment header
but not fragmented). Attached is the revised patch, against 8.2R
--- ip_fw_log.c.
On Sat, 5 Mar 2011, sth...@nethelp.no wrote:
The problem is well described in kern/145733 from 16. April 2010, but
nothing seems to have happened with this PR so far.
..
Does anybody have an idea of whether the patch in kern/145733 will be
incorporated into ip_fw2.c any time soon?
You probab
IPFW incorrectly handles IPv6 packets with a fragment header followed
by a last fragment only (i.e. the fragment header has fragment offset
= 0 and M bit = 0). Such packets are allowed by RFC 2460.
The problem is well described in kern/145733 from 16. April 2010, but
nothing seems to have happened
Attached is a revised patch fixing a third flaw. ipfw will reject
very small IPv6 fragments when it tries to pullup the transport
header. This relaxes the code to be consistent with the IPv4 path
where it only tries to pull up the transport header on fragments with
offset zero.
--- ip_fw2.c.orig
>Number: 145733
>Category: kern
>Synopsis: [patch] ipfw flaws with ipv6 fragments
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-b