Author: bz
Date: Wed Feb 8 16:24:56 2012
New Revision: 231210
URL: http://svn.freebsd.org/changeset/base/231210
Log:
MFC r225033:
If we detect an IPv6 fragment header and it is not the first fragment,
then terminate the loop as we will not find any further headers and
for short fragments this could otherwise lead to a pullup error
discarding the fragment.
Submitted by: Matthew Luckie (mjl luckie.org.nz)
PR: kern/145733
Modified:
stable/8/sys/netinet/ipfw/ip_fw2.c
Directory Properties:
stable/8/sys/ (props changed)
Modified: stable/8/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- stable/8/sys/netinet/ipfw/ip_fw2.c Wed Feb 8 16:07:07 2012
(r231209)
+++ stable/8/sys/netinet/ipfw/ip_fw2.c Wed Feb 8 16:24:56 2012
(r231210)
@@ -945,7 +945,7 @@ do {
\
proto = ip6->ip6_nxt;
/* Search extension headers to find upper layer protocols */
- while (ulp == NULL) {
+ while (ulp == NULL && offset == 0) {
switch (proto) {
case IPPROTO_ICMPV6:
PULLUP_TO(hlen, ulp, struct icmp6_hdr);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
