Page MenuHomeFreeBSD
Files F111102940

D46312.diff
No OneTemporary
Actions

D46312.diff
View Options

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -8946,6 +8946,14 @@
pd.af = AF_INET6;
pd.act.rtableid = -1;
+ if (__predict_false(m->m_len < sizeof(struct ip6_hdr)) &&
+ (m = *m0 = m_pullup(*m0, sizeof(struct ip6_hdr))) == NULL) {
+ DPFPRINTF(PF_DEBUG_URGENT,
+ ("pf_test6: m_len < sizeof(struct ip6_hdr)"
+ ", pullup failed\n"));
+ PF_RULES_RUNLOCK();
+ return (PF_DROP);
+ }
h = mtod(m, struct ip6_hdr *);
off = ((caddr_t)h - m->m_data) + sizeof(struct ip6_hdr);
diff --git a/tests/sys/netpfil/pf/mbuf.sh b/tests/sys/netpfil/pf/mbuf.sh
--- a/tests/sys/netpfil/pf/mbuf.sh
+++ b/tests/sys/netpfil/pf/mbuf.sh
@@ -91,7 +91,68 @@
pft_cleanup
}
+atf_test_case "inet6_in_mbuf_len" "cleanup"
+inet6_in_mbuf_len_head()
+{
+ atf_set descr 'Test that pf can handle inbound with the first mbuf with m_len < sizeof(struct ip6_hdr)'
+ atf_set require.user root
+}
+inet6_in_mbuf_len_body()
+{
+ pft_init
+ dummymbuf_init
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a inet6 2001:db8::1/64 up no_dad
+
+ # Set up a simple jail with one interface
+ vnet_mkjail alcatraz ${epair}b
+ jexec alcatraz ifconfig ${epair}b inet6 2001:db8::2/64 up no_dad
+
+ # Sanity check
+ atf_check -s exit:0 -o ignore ping -c1 2001:db8::2
+
+ # Should be denied
+ jexec alcatraz pfctl -e
+ pft_set_rules alcatraz \
+ "block" \
+ "pass quick inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }"
+ atf_check -s not-exit:0 -o ignore ping -c1 -t1 2001:db8::2
+
+ # Should be allowed by from/to addresses
+ pft_set_rules alcatraz \
+ "block" \
+ "pass quick inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }" \
+ "pass in inet6 from 2001:db8::1 to 2001:db8::2"
+ atf_check -s exit:0 -o ignore ping -c1 2001:db8::2
+
+ # Should still work for m_len=0
+ jexec alcatraz pfilctl link -i dummymbuf:inet6 inet6
+ jexec alcatraz sysctl net.dummymbuf.rules="inet6 in ${epair}b pull-head 0;"
+ atf_check_equal "0" "$(jexec alcatraz sysctl -n net.dummymbuf.hits)"
+ atf_check -s exit:0 -o ignore ping -c1 2001:db8::2
+ atf_check_equal "1" "$(jexec alcatraz sysctl -n net.dummymbuf.hits)"
+
+ # m_len=1
+ jexec alcatraz sysctl net.dummymbuf.rules="inet6 in ${epair}b pull-head 1;"
+ jexec alcatraz sysctl net.dummymbuf.hits=0
+ atf_check -s exit:0 -o ignore ping -c1 2001:db8::2
+ atf_check_equal "1" "$(jexec alcatraz sysctl -n net.dummymbuf.hits)"
+
+ # m_len=39
+ # provided IPv6 basic header is 40 bytes long, it should impact the dst addr
+ jexec alcatraz sysctl net.dummymbuf.rules="inet6 in ${epair}b pull-head 39;"
+ jexec alcatraz sysctl net.dummymbuf.hits=0
+ atf_check -s exit:0 -o ignore ping -c1 2001:db8::2
+ atf_check_equal "1" "$(jexec alcatraz sysctl -n net.dummymbuf.hits)"
+}
+inet6_in_mbuf_len_cleanup()
+{
+ pft_cleanup
+}
+
atf_init_test_cases()
{
atf_add_test_case "inet_in_mbuf_len"
+ atf_add_test_case "inet6_in_mbuf_len"
}

File Metadata

Mime Type
text/plain
Expires
Fri, Feb 28, 11:20 AM (20 h, 38 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
16884782
Default Alt Text
D46312.diff (2 KB)

Event Timeline