Evaluate packet size after the firewall had its chance in the ip6 fast path
ClosedPublic
Actions

Authored by kp on Oct 24 2017, 7:50 PM.

Details

Reviewers

bz
gnn
ae

Group Reviewers

network

Commits

rS324996: Evaluate packet size after the firewall had its chance in the ip6 fast path

Summary

Defer the packet size check until after the firewall has had a look at it. This
means that the firewall now has the opportunity to (re-)fragment an oversized
packet.
This mirrors what the slow path does.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kp created this revision.Oct 24 2017, 7:50 PM

Herald added a subscriber: imp. · View Herald TranscriptOct 24 2017, 7:50 PM

ae added inline comments.Oct 25 2017, 8:07 AM

sys/netinet6/ip6_fastfwd.c
203–205 ↗	(On Diff #34297)	This doesn't look like the code from head/. Original code uses PFIL_IN and PFIL_OUT directions.

kp added inline comments.Oct 25 2017, 8:38 AM

sys/netinet6/ip6_fastfwd.c
203–205 ↗	(On Diff #34297)	Ah, right. I've got another patch I'm working on to add 'PFIL_FWD', but that's not quite ready yet. I'll rebase this so it doesn't include that change.