Page MenuHomeFreeBSD

Evaluate packet size after the firewall had its chance in the ip6 fast path
ClosedPublic

Authored by kp on Oct 24 2017, 7:50 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Mar 19, 3:33 PM
Unknown Object (File)
Tue, Mar 19, 3:12 PM
Unknown Object (File)
Jan 6 2024, 9:00 AM
Unknown Object (File)
Jan 1 2024, 8:12 AM
Unknown Object (File)
Dec 20 2023, 8:17 AM
Unknown Object (File)
Nov 20 2023, 8:18 AM
Unknown Object (File)
Nov 18 2023, 8:22 AM
Unknown Object (File)
Nov 7 2023, 7:35 PM
Subscribers

Details

Summary

Defer the packet size check until after the firewall has had a look at it. This
means that the firewall now has the opportunity to (re-)fragment an oversized
packet.
This mirrors what the slow path does.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

sys/netinet6/ip6_fastfwd.c
203–205 ↗(On Diff #34297)

This doesn't look like the code from head/. Original code uses PFIL_IN and PFIL_OUT directions.

sys/netinet6/ip6_fastfwd.c
203–205 ↗(On Diff #34297)

Ah, right. I've got another patch I'm working on to add 'PFIL_FWD', but that's not quite ready yet. I'll rebase this so it doesn't include that change.

This revision is now accepted and ready to land.Oct 25 2017, 11:42 AM
This revision was automatically updated to reflect the committed changes.