Subject: Re: latest ipfilter, IPv6 handling
To: None <firstname.lastname@example.org>
From: Darren Reed <email@example.com>
Date: 03/29/2001 11:14:52
In some email I received from firstname.lastname@example.org, sie wrote:
> >> >> ip_fil.c:send_reset()
> >> >> packet size may possibly overrun mbuf, on certain operating systems
> >> >> (like MSIZE == 128 and sizeof(void *) == 8).
> >> >huh ?
> >> >In send_reset(), it is ONLY IPv6 + TCP.
> >> >You're telling me that'll overflow 128 bytes ?!
> >> >Likewise, I don't see anything that does anything with "sizeof(void *)"/
> >> MHLEN = MSIZE - sizeof(a couple of pointers and integers).
> >> TCP header (including option part) can take up to 64 bytes.
> >> IPv6 header occupies 40 bytes.
> >> if 40 + 64 > MHLEN, you are dead.
> >TCP RST's are generated without TCP options and have 20 byte headers.
> if I were you I would put
> #ifdef DIAGNOSTIC
> if (MHLEN > 20 + 64)
Why is that 20 + 64 ? Isn't an IPv6 header 40 bytes long, not 64 ?
4 + 2 + 1 + 1 + 2 * 16 = 40
Should I also include:
if (MHLEN > 20 + 20)
For the plain IPv4 case ?
I mean if we can't get a basic TCP + IPv* header into a single MBUF we're
in a seriously screwed position and we'll be up the creek in so many ways.