opnsense-src/sys
Kristof Provost 76afcbb524 pf: handle multiple IPv6 fragment headers
With 'scrub fragment reassemble' if a packet contains multiple IPv6
fragment headers we would reassemble the packet and immediately
continue processing it.

That is, we'd remove the first fragment header and expect the next
header to be a final header (i.e. TCP, UDP, ICMPv6, ...). However, if
it's another fragment header we'd not treat the packet correctly.
That is, we'd fail to recognise the payload and treat it as if it were
an IPv6 fragment rather than as its actual payload.

Fix this by restarting the normalisation on the reassembled packet.
If there are multiple fragment headers drop the packet.

Reported by:	Enrico Bassetti bassetti@di.uniroma1.it (NetSecurityLab @ Sapienza University of Rome)
MFC after:	instant
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2023-08-04 15:23:49 +02:00
amd64 linux(4): Regen for ioprio syscalls 2023-08-04 16:03:57 +03:00
arm pcpu: Remove unused definitions of ALT_STACK_SIZE 2023-07-27 16:02:03 -04:00
arm64 linux(4): Regen for ioprio syscalls 2023-08-04 16:03:57 +03:00
bsm
cam cam(4): Fix a typo in a source code comment 2023-08-02 11:14:53 +02:00
cddl kinst.h: make pointer to probe in kinst_cpu_state const 2023-07-19 19:57:44 +03:00
compat linux(4): Add a dedicated ioprio system calls 2023-08-04 16:03:57 +03:00
conf iflib(9): Remove support for cloning pseudo interfaces 2023-08-03 23:10:18 +02:00
contrib zfs: set autotrim default to 'off' 2023-07-18 11:20:11 +02:00
crypto ossl: Don't try to initialize the cipher for Chacha20+Poly1305. 2023-06-20 07:53:50 -07:00
ddb ddb: Rework macros to make it easier to add new command tables. 2023-07-05 16:02:01 -07:00
dev e1000: Enable TSO for lem(4) and em(4) 2023-08-03 15:35:28 -07:00
dts spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
fs nfsserver: Fix a typo in a source code comment 2023-08-02 11:27:30 +02:00
gdb netgdb: Fix netgdb double ack, print proxy address 2023-05-27 09:34:17 -07:00
geom base: Remove support for the VTOC8 partitioning scheme 2023-07-26 13:16:12 +02:00
gnu spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
i386 linux(4): Regen for ioprio syscalls 2023-08-04 16:03:57 +03:00
isa isa_common: find next bit faster 2023-07-31 21:02:56 -05:00
kern kdb: Permit a NULL thread credential in kdb_backend_permitted() 2023-08-02 09:15:08 -04:00
kgssapi spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
libkern gsb_crc32: Fix a warning when compiled in userland. 2023-07-31 13:24:18 -07:00
modules iflib(9): Remove support for cloning pseudo interfaces 2023-08-03 23:10:18 +02:00
net iflib(9): Remove support for cloning pseudo interfaces 2023-08-03 23:10:18 +02:00
net80211 net80211: Radiotap: update for defines 2023-05-20 00:56:21 +00:00
netgraph SPDX: It's spelled 'SPDX-License-Identifier' 2023-05-12 10:44:04 -06:00
netinet sctp: keep sb_acc and sb_ccc in sync 2023-07-28 15:16:23 +02:00
netinet6 frag6: Avoid a possible integer overflow in fragment handling 2023-08-01 15:45:41 -04:00
netipsec tcp: fix TCP MD5 digest computation for TCP over UDP 2023-06-21 22:48:12 +02:00
netlink netinet[6]: make in[6]_control use ucred instead of td. 2023-07-01 06:52:24 +00:00
netpfil pf: handle multiple IPv6 fragment headers 2023-08-04 15:23:49 +02:00
netsmb spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
nfs Fix panic in nfs bootp/diskless after 0785c323f3. 2023-06-02 12:57:26 -04:00
nfsclient
nfsserver
nlm spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
ofed spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
opencrypto opencrypto: Respect alignment constraints in xor_and_encrypt() 2023-07-27 15:44:52 -04:00
powerpc Consistently provide ffs/fls using builtins 2023-07-06 14:46:41 -03:00
riscv pcpu: Remove unused definitions of ALT_STACK_SIZE 2023-07-27 16:02:03 -04:00
rpc spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
security mac_ipacl: new MAC policy module to limit jail/vnet IP configuration 2023-07-26 00:07:57 +00:00
sys Bump __FreeBSD_version to 1400094 for HID KPI changes 2023-08-03 19:10:51 +03:00
teken spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
tests ktest: make ktest work with Netlink loaded as a module. 2023-06-13 06:04:14 +00:00
tools Pre-quote macros passed to .incbin to avoid unwanted substitution 2023-07-28 05:08:43 +01:00
ufs UFS/FFS: Migrate to modern uintXX_t from u_intXX_t. 2023-07-27 15:27:36 -07:00
vm vm_phys_enqueue_contig: handle npages==0 2023-08-03 09:19:48 -05:00
x86 x86: remove intr_bind 2023-08-03 17:01:56 -04:00
xdr spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
xen xen: move vcpu_info to common, leave hook for setup 2023-07-21 10:59:12 +02:00
Makefile
README.md sys/README.md: Add a section for documentation 2023-08-03 11:07:41 -03:00

FreeBSD Kernel Source:

This directory contains the source files and build glue that make up the FreeBSD kernel and its modules, including both original and contributed software.

Kernel configuration files are located in the conf/ subdirectory of each architecture. GENERIC is the configuration used in release builds. NOTES contains documentation of all possible entries. LINT is a compile-only configuration used to maximize build coverage and detect regressions.

Documentation:

Source code documentation is maintained in a set of man pages, under section 9. These pages are located in share/man/man9, from the top-level of the src tree. Consult intro(9) for an overview of existing pages.

Some additional high-level documentation of the kernel is maintained in the Architecture Handbook.

Source Roadmap:

Directory Description
amd64 AMD64 (64-bit x86) architecture support
arm 32-bit ARM architecture support
arm64 64-bit ARM (AArch64) architecture support
cam Common Access Method storage subsystem - cam(4) and ctl(4)
cddl CDDL-licensed optional sources such as DTrace
conf kernel build glue
compat Linux compatibility layer, FreeBSD 32-bit compatibility
contrib 3rd-party imported software such as OpenZFS
crypto crypto drivers
ddb interactive kernel debugger - ddb(4)
fs most filesystems, excluding UFS, NFS, and ZFS
dev device drivers and other arch independent code
gdb kernel remote GDB stub - gdb(4)
geom GEOM framework - geom(4)
i386 i386 (32-bit x86) architecture support
kern main part of the kernel
libkern libc-like and other support functions for kernel use
modules kernel module infrastructure
net core networking code
net80211 wireless networking (IEEE 802.11) - net80211(4)
netgraph graph-based networking subsystem - netgraph(4)
netinet IPv4 protocol implementation - inet(4)
netinet6 IPv6 protocol implementation - inet6(4)
netipsec IPsec protocol implementation - ipsec(4)
netpfil packet filters - ipfw(4), pf(4), and ipfilter(4)
opencrypto OpenCrypto framework - crypto(7)
powerpc PowerPC/POWER (32 and 64-bit) architecture support
riscv 64-bit RISC-V architecture support
security security facilities - audit(4) and mac(4)
sys kernel headers
tests kernel unit tests
ufs Unix File System - ffs(7)
vm virtual memory system
x86 code shared by AMD64 and i386 architectures