npf: nbuf_ensure_contig and large options

To: "tech-net%NetBSD.org@localhost" <tech-net%netbsd.org@localhost>
Subject: npf: nbuf_ensure_contig and large options
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Sun, 8 Apr 2018 11:25:53 +0200

For the record, an issue I spotted some time ago; nbuf_ensure_contig calls
m_ensure_contig with the first mbuf of the chain, but m_ensure_contig has
a maximum 'len' argument of MHLEN, which is below the allowed option offset
for IPv6. So if you send a big IPv6 packet, and if an option happens to be
split across two mbufs, NPF fails to parse the packet.

There probably aren't many reasons for an IPv6 packet to have an option
located this far, but that's theoretically possible, and more importantly,
correct specwise.

NPF needs to be able to do an ensure_contig on secondary mbufs, without
moving everything into the first one. Not sure how to achieve this, I will
probably just file a PR.

Follow-Ups:
- Re: npf: nbuf_ensure_contig and large options
  - From: Mindaugas Rasiukevicius
- Re: npf: nbuf_ensure_contig and large options
  - From: Michael van Elst

Prev by Date: Re: NPF: broken checksums
Next by Date: Re: npf: nbuf_ensure_contig and large options
Previous by Thread: Configuring a Bonjour host name
Next by Thread: Re: npf: nbuf_ensure_contig and large options
Indexes:

Home | Main Index | Thread Index | Old Index