Differential D46931

pf: remove the last hand-rolled IPv6 extension header loop
ClosedPublic
Actions

Authored by kp on Oct 4 2024, 12:44 PM.

Tags

None

Referenced Files

	F134657482: D46931.diff
	Mon, Nov 3, 9:46 PM

	F134580099: D46931.id.diff
	Mon, Nov 3, 9:24 AM

	F134562125: D46931.id144233.diff
	Mon, Nov 3, 5:26 AM

	F134542095: D46931.id144233.diff
	Mon, Nov 3, 1:29 AM

	F134541582: D46931.id144581.diff
	Mon, Nov 3, 1:23 AM

	Unknown Object (File)
	Sun, Nov 2, 9:10 PM

	Unknown Object (File)
	Tue, Oct 28, 12:35 PM

	Unknown Object (File)
	Mon, Oct 27, 5:33 PM

View All 64 Files

Subscribers

vegeta_tuxpowered.net

Details

Reviewers

None

Group Reviewers

network
pfsense

Commits

rG5de77e952a2f: pf: remove the last hand-rolled IPv6 extension header loop

Summary

Replace the IPv6 header walking loop in pf_test_state_icmp() with
the common function pf_walk_header6(). For that, pf_walk_header6()
can now extract both the information wether it is a fragment and
the final protocol if it is the first fragment. This allows to
match the icmp6 too big packet of a first fragment to the reassembled
packet's state. This is neccesary if a refragmented fragment is
to big for the Path-MTU.
Note that pd.proto contains the real protocol number for the first
fragment and IPPROTO_FRAGMENT for later fragments. pd.virtual_protocol
is set to PF_VPROTO_FRAGMENT for all fragments.
ok mcbride@

Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 90b3c57e94
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 59744
Build 56630: arc lint + arc unit

Event Timeline

kp created this revision.Oct 4 2024, 12:44 PM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 3 others. · View Herald TranscriptOct 4 2024, 12:44 PM

kp requested review of this revision.Oct 4 2024, 12:44 PM

Harbormaster completed remote builds in B59744: Diff 144233.Oct 4 2024, 12:44 PM

kp added a parent revision: D46930: pf: convert DIOCGETRULESETS to netlink.Oct 4 2024, 12:44 PM

kp added a child revision: D46932: pf.conf.5: sync documentation with code on the matter of max state limit behavior.

This revision was not accepted when it landed; it landed in state Needs Review.Oct 10 2024, 12:37 PM

Closed by commit rG5de77e952a2f: pf: remove the last hand-rolled IPv6 extension header loop (authored by kp). · Explain Why

This revision was automatically updated to reflect the committed changes.

kp added a commit: rG5de77e952a2f: pf: remove the last hand-rolled IPv6 extension header loop.

Revision Contents
Changeset List

Path

Size

sys/

net/

6 lines

netpfil/

pf/

130 lines

18 lines

Diff 144233

sys/net/pfvar.h

Loading...

sys/netpfil/pf/pf.c

Loading...

sys/netpfil/pf/pf_norm.c

Loading...