opnsense-src

mirror of https://github.com/opnsense/src.git synced 2026-04-24 15:48:48 -04:00

History

Bjoern A. Zeeb 619456bb59 frag6: prevent overwriting initial fragoff=0 packet meta-data. When we receive the packet with the first fragmented part (fragoff=0) we remember the length of the unfragmentable part and the next header (and should probably also remember ECN) as meta-data on the reassembly queue. Someone replying this packet so far could change these 2 (3) values. While changing the next header seems more severe, for a full size fragmented UDP packet, for example, adding an extension header to the unfragmentable part would go unnoticed (as the framented part would be considered an exact duplicate) but make reassembly fail. So do not allow updating the meta-data after we have seen the first fragmented part anymore. The frag6_20 test case is added which failed before triggering an ICMPv6 "param prob" due to the check for each queued fragment for a max-size violation if a fragoff=0 packet was received. MFC after: 3 weeks Sponsored by: Netflix		2019-10-24 22:07:45 +00:00
..
dest6.c	Remove some unneccessary variable sets in IPv6 code, as detected by	2018-03-24 12:43:34 +00:00
frag6.c	frag6: prevent overwriting initial fragoff=0 packet meta-data.	2019-10-24 22:07:45 +00:00
icmp6.c	Widen NET_EPOCH coverage.	2019-10-07 22:40:05 +00:00
icmp6.h
in6.c	in6ifa_llaonifp() is never called from fast path, so do not require	2019-10-14 15:33:53 +00:00
in6.h	Convert all IPv4 and IPv6 multicast memberships into using a STAILQ	2019-06-25 11:54:41 +00:00
in6_cksum.c	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
in6_fib.c	Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9).	2018-06-16 08:26:23 +00:00
in6_fib.h	Renumber copyright clause 4	2017-02-28 23:42:47 +00:00
in6_gif.c	Add the check that current VNET is ready and access to srchash is allowed.	2018-10-23 13:11:45 +00:00
in6_ifattach.c	Don't cover in6_ifattach() with network epoch, as it may call into	2019-10-13 04:25:16 +00:00
in6_ifattach.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
in6_jail.c	Move most of the contents of opt_compat.h to opt_global.h.	2018-04-06 17:35:35 +00:00
in6_mcast.c	Widen NET_EPOCH coverage.	2019-10-07 22:40:05 +00:00
in6_pcb.c	IPv6 cleanup: kernel	2019-08-02 07:41:36 +00:00
in6_pcb.h	IPv6 cleanup: kernel	2019-08-02 07:41:36 +00:00
in6_pcbgroup.c	sys: general adoption of SPDX licensing ID tags.	2017-11-27 15:23:17 +00:00
in6_proto.c	frag6.c: move variables and sysctls into local file	2019-08-02 10:29:53 +00:00
in6_rmx.c	Use the new VNET_DEFINE_STATIC macro when we are defining static VNET	2018-07-24 16:35:52 +00:00
in6_rss.c	[netinet6]: Create a new IPv6 netisr which expects the frames to have been verified.	2015-11-06 23:07:43 +00:00
in6_rss.h	Implement RSS hashing/re-hashing for IPv6 ingress packets.	2015-08-29 07:14:29 +00:00
in6_src.c	IPv6 cleanup: kernel	2019-08-02 07:41:36 +00:00
in6_var.h	Widen NET_EPOCH coverage.	2019-10-07 22:40:05 +00:00
ip6.h
ip6_ecn.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
ip6_fastfwd.c	New pfil(9) KPI together with newborn pfil API and control utility.	2019-01-31 23:01:03 +00:00
ip6_forward.c	Add a missing include of opt_sctp.h.	2019-10-12 22:58:33 +00:00
ip6_gre.c	Add GRE-in-UDP encapsulation support as defined in RFC8086.	2019-04-24 09:05:45 +00:00
ip6_id.c	ip6_randomflowlabel: Avoid blocking if random(4) is not available	2019-04-23 17:18:20 +00:00
ip6_input.c	frag6: fix vnet teardown leak	2019-10-21 08:48:47 +00:00
ip6_mroute.c	Plug some networking sysctl leaks.	2018-11-22 20:49:41 +00:00
ip6_mroute.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
ip6_output.c	ip6_output() has a complex set of gotos, and some can jump out of	2019-10-09 17:02:28 +00:00
ip6_var.h	frag6: replace KAME hand-rolled queues with queue(9) TAILQs	2019-10-23 23:01:18 +00:00
ip6protosw.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
ip_fw_nat64.h	Reapply r345274 with build fixes for 32-bit architectures.	2019-03-19 10:57:03 +00:00
ip_fw_nptv6.h	Add ability to use dynamic external prefix in ipfw_nptv6 module.	2018-11-12 11:20:59 +00:00
mld6.c	Widen NET_EPOCH coverage.	2019-10-07 22:40:05 +00:00
mld6.h	sys: general adoption of SPDX licensing ID tags.	2017-11-27 15:23:17 +00:00
mld6_var.h	Fix refcounting leaks in IPv6 MLD code leading to loss of IPv6	2019-01-24 08:34:13 +00:00
nd6.c	Don't cover in6_ifattach() with network epoch, as it may call into	2019-10-13 04:25:16 +00:00
nd6.h	Update for IETF draft-ietf-6man-ipv6only-flag.	2019-03-07 23:03:39 +00:00
nd6_nbr.c	Execute nd6_dad_timer() in the network epoch, since nd6_dad_duplicated()	2019-10-22 16:06:33 +00:00
nd6_rtr.c	Widen NET_EPOCH coverage.	2019-10-07 22:40:05 +00:00
pim6.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
pim6_var.h	Rework IP encapsulation handling code.	2018-06-05 20:51:01 +00:00
raw_ip6.c	Revert changes to rip6_bind() from r353292. This function is always	2019-10-09 05:52:07 +00:00
raw_ip6.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
route6.c	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
scope6.c	Mechanical cleanup of epoch(9) usage in network stack.	2019-01-09 01:11:19 +00:00
scope6_var.h	Constify argument of in6_getscope().	2018-06-05 20:54:29 +00:00
sctp6_usrreq.c	Ensure that the flags indicating IPv4/IPv6 are not changed by failing	2019-10-24 20:05:10 +00:00
sctp6_var.h	Whitespace changes due to changes in ident.	2018-07-19 20:16:33 +00:00
send.c	Use the new VNET_DEFINE_STATIC macro when we are defining static VNET	2018-07-24 16:35:52 +00:00
send.h	sys: general adoption of SPDX licensing ID tags.	2017-11-27 15:23:17 +00:00
tcp6_var.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
udp6_usrreq.c	Ensure that the flags indicating IPv4/IPv6 are not changed by failing	2019-10-24 20:05:10 +00:00
udp6_var.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00