Page MenuHomeFreeBSD
Differential D19965

Fix various IPV6_CHECKSUM issues
AbandonedPublic
Actions

Authored by tuexen on Apr 19 2019, 3:42 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mar 12 2024, 8:06 PM
Unknown Object (File)
Jan 19 2024, 12:41 PM
Unknown Object (File)
Jan 3 2024, 1:59 AM
Unknown Object (File)
Dec 25 2023, 9:42 AM
Unknown Object (File)
Dec 20 2023, 6:36 AM
Unknown Object (File)
Dec 13 2023, 3:59 AM
Unknown Object (File)
Oct 26 2023, 9:07 AM
Unknown Object (File)
Oct 15 2023, 10:11 PM
View All 15 Files
Subscribers
ae
emaste
imp

Details

Reviewers
jtl
bz
thj
Summary

This patch fixes the following issues related to the IPPROTO_IPV6 level socket option IPV6_CHECKSUM:

  • When setting the offset, don't allow negative values except -1, since they are not supported.
  • When receiving a packet with an incorrect checksum, just discard it and don't send an ICMP message indicating a parameter problem.
  • When computing the checksum for a packet to be sent, ensure you have enough bytes in the packet to write the checksum. The existing check was wrong (off by one error) and would result in writing one byte after the packet buffer.
  • When computing the checksum for a received packet, ensure that you have enough bytes in the packet such that it contains the checksum. This fixes in particular syzbot, which was injecting an empty (plen = 0) packet, which resulted in a panic.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 23765

Event Timeline

tuexen created this revision.Apr 19 2019, 3:42 PM
Herald added subscribers: ae, imp. ยท View Herald TranscriptApr 19 2019, 3:42 PM
Harbormaster completed remote builds in B23764: Diff 56380.Apr 19 2019, 3:42 PM
emaste added a subscriber: emaste.Apr 19 2019, 3:59 PM
emaste added inline comments.
sys/netinet6/ip6_output.c
2224โ€“2228

Can probably elide the optval >= 0

bz requested changes to this revision.Apr 19 2019, 4:03 PM

This seems like four different issues and it's kind of hard to keep them apart in a single change. For the sake of having a readable history and easily seeing/understanding each problem, can you please split them up?

This revision now requires changes to proceed.Apr 19 2019, 4:03 PM
tuexen added a comment.Apr 19 2019, 4:05 PM
In D19965#429164, @bz wrote:

This seems like four different issues and it's kind of hard to keep them apart in a single change. For the sake of having a readable history and easily seeing/understanding each problem, can you please split them up?

Split up in four reviews or committing them separately once approved?

tuexen updated this revision to Diff 56383.Apr 19 2019, 4:11 PM

Address Ed's comment

Harbormaster completed remote builds in B23765: Diff 56383.Apr 19 2019, 4:11 PM
tuexen marked an inline comment as done.Apr 19 2019, 4:11 PM
tuexen added inline comments.
sys/netinet6/ip6_output.c
2224โ€“2228

Fixed. Thanks for noting it.

tuexen marked an inline comment as done.Apr 19 2019, 4:12 PM
bz added a comment.Apr 19 2019, 4:12 PM
In D19965#429167, @tuexen wrote:

Split up in four reviews or committing them separately once approved?

For review already if possible. Means I need less brain cycles now to divide the four apart as well.

tuexen added a comment.Apr 19 2019, 4:49 PM
In D19965#429179, @bz wrote:
In D19965#429167, @tuexen wrote:

Split up in four reviews or committing them separately once approved?

For review already if possible. Means I need less brain cycles now to divide the four apart as well.

Splitted up in:

  1. D19966
  2. D19967
  3. D19968
  4. D19969

I hope this speeds up the review process...

tuexen added a comment.Apr 19 2019, 6:10 PM

All for reviews have been committed. Thanks a lot for the very quick reviews!

tuexen abandoned this revision.Apr 19 2019, 6:11 PM

Revision Contents
Changeset List

PathSize
sys/
netinet6/
7 lines
9 lines

Diff 56383

View Options

sys/netinet6/ip6_output.c

Loading...
View Options

sys/netinet6/raw_ip6.c

Loading...