Mmh, put back the RFC6946 check (about dummy fragments), otherwise NPF trunk
authormaxv <maxv@NetBSD.org>
Tue, 13 Mar 2018 16:23:40 +0000
branchtrunk
changeset 317062 d124b1e956e9
parent 317056 26b77bff4150
child 317063 3770b76f23b3
Mmh, put back the RFC6946 check (about dummy fragments), otherwise NPF is not happy in npf_reassembly, because NPC_IPFRAG is again returned after the packet was reassembled. I'm wondering whether it would not be better to just remove the fragment header in frag6_input directly.
sys/net/npf/npf_inet.c
--- a/sys/net/npf/npf_inet.c	Tue Mar 13 14:54:13 2018 +0000
+++ b/sys/net/npf/npf_inet.c	Tue Mar 13 16:23:40 2018 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_inet.c,v 1.40 2018/03/13 09:04:02 maxv Exp $	*/
+/*	$NetBSD: npf_inet.c,v 1.41 2018/03/13 16:23:40 maxv Exp $	*/
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -40,7 +40,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.40 2018/03/13 09:04:02 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.41 2018/03/13 16:23:40 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -392,6 +392,13 @@
 				if (ip6f == NULL)
 					return NPC_FMTERR;
 
+				/* RFC6946: Skip dummy fragments. */
+				if (!ntohs(ip6f->ip6f_offlg & IP6F_OFF_MASK) &&
+				    !(ip6f->ip6f_offlg & IP6F_MORE_FRAG)) {
+					hlen = sizeof(struct ip6_frag);
+					break;
+				}
+
 				hlen = 0;
 				flags |= NPC_IPFRAG;