Page MenuHomeFreeBSD
Differential D27696

pf: Fix unaligned checksum updates
ClosedPublic
Actions

Authored by kp on Dec 21 2020, 9:09 AM.
Tags
None
Referenced Files
F142217115: D27696.diff
Sat, Jan 17, 9:26 AM
Unknown Object (File)
Thu, Dec 25, 11:43 PM
Unknown Object (File)
Dec 11 2025, 9:32 AM
Unknown Object (File)
Dec 7 2025, 10:01 PM
Unknown Object (File)
Dec 7 2025, 2:51 PM
Unknown Object (File)
Nov 26 2025, 5:13 PM
Unknown Object (File)
Nov 24 2025, 9:45 AM
Unknown Object (File)
Nov 23 2025, 11:24 PM
View All Files
Subscribers
ae
afedorov
farrokhi
imp
melifaro
tuexen

Details

Reviewers
tuexen
Group Reviewers
network
Commits
rG21745738a2b5: pf: Fix unaligned checksum updates
Summary

The algorithm we use to update checksums only works correctly if the
updated data is aligned on 16-bit boundaries (relative to the start of
the packet).

Import the OpenBSD fix for this issue.

PR: 240416
Obtained from: OpenBSD

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 35607
Build 32507: arc lint + arc unit

Event Timeline

kp created this revision.Dec 21 2020, 9:09 AM
Herald added subscribers: melifaro, farrokhi, ae, imp. · View Herald TranscriptDec 21 2020, 9:09 AM
kp requested review of this revision.Dec 21 2020, 9:09 AM
Harbormaster completed remote builds in B35568: Diff 80997.Dec 21 2020, 9:09 AM
tuexen added a subscriber: tuexen.Dec 21 2020, 10:30 AM

I guess you need a similar dance (for 16-bit) in pf_normalize_tcpopt() when updating the MSS.

kp updated this revision to Diff 81014.Dec 21 2020, 9:13 PM

Also handle the MSS update case.

Harbormaster completed remote builds in B35583: Diff 81014.Dec 21 2020, 9:13 PM
tuexen accepted this revision.Dec 21 2020, 11:11 PM
This revision is now accepted and ready to land.Dec 21 2020, 11:11 PM
kp updated this revision to Diff 81047.Dec 22 2020, 12:00 PM

Ensure we actually update the packet, even when checksum flags indicate the checksum doesn't need an update.

This revision now requires review to proceed.Dec 22 2020, 12:00 PM
Harbormaster completed remote builds in B35607: Diff 81047.Dec 22 2020, 12:00 PM
tuexen accepted this revision.Dec 22 2020, 12:18 PM
This revision is now accepted and ready to land.Dec 22 2020, 12:18 PM
afedorov added a subscriber: afedorov.Dec 22 2020, 2:10 PM
kp closed this revision.Dec 23 2020, 12:05 PM

Committed as https://cgit.freebsd.org/src/commit/?id=c3f69af03ae7acc167cc1151f0c1ecc5e014ce4e

kp added a commit: rG21745738a2b5: pf: Fix unaligned checksum updates.Jan 3 2021, 10:19 PM

Revision Contents
Changeset List

PathSize
sys/
net/
6 lines
netpfil/
pf/
81 lines
23 lines

Diff 81047

View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf_norm.c

Loading...