linux/include
Georg Kohmann 9d9e937b1c ipv6/netfilter: Discard first fragment not including all headers
Packets are processed even though the first fragment doesn't include all
headers through the upper layer header. This breaks TAHI IPv6 Core
Conformance Test v6LC.1.3.6.

Referring to RFC8200 SECTION 4.5: "If the first fragment does not include
all headers through an Upper-Layer header, then that fragment should be
discarded and an ICMP Parameter Problem, Code 3, message should be sent to
the source of the fragment, with the Pointer field set to zero."

The fragment needs to be validated the same way it is done in
commit 2efdaaaf88 ("IPv6: reply ICMP error if the first fragment don't
include all headers") for ipv6. Wrap the validation into a common function,
ipv6_frag_thdr_truncated() to check for truncation in the upper layer
header. This validation does not fulfill all aspects of RFC 8200,
section 4.5, but is at the moment sufficient to pass the mentioned TAHI test.

In netfilter, utilize the fragment offset returned by find_prev_fhdr() to
let ipv6_frag_thdr_truncated() start its traverse from the fragment
header.

Return 0 to drop the fragment in the netfilter. This is the same behaviour
as used on other protocol errors in this function, e.g. when
nf_ct_frag6_queue() returns -EPROTO. The fragment will later be picked up
by ipv6_frag_rcv() in reassembly.c. ipv6_frag_rcv() will then send an
appropriate ICMP Parameter Problem message back to the source.

References commit 2efdaaaf88 ("IPv6: reply ICMP error if the first
fragment don't include all headers")

Signed-off-by: Georg Kohmann <geokohma@cisco.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://lore.kernel.org/r/20201111115025.28879-1-geokohma@cisco.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2020-11-16 10:15:11 -08:00
..
acpi pci-v5.10-changes 2020-10-22 12:41:00 -07:00
asm-generic asm-generic: fixes for v5.10 2020-10-30 13:11:46 -07:00
clocksource
crypto
drm drm: drm_print.h: fix kernel-doc markups 2020-10-27 11:21:39 +01:00
dt-bindings ARM: Devicetree updates 2020-10-24 10:44:18 -07:00
keys
kunit kunit: test: fix remaining kernel-doc warnings 2020-10-26 13:23:44 -06:00
kvm ARM: 2020-10-23 11:17:56 -07:00
linux PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter 2020-11-16 09:37:01 -08:00
math-emu
media ARM: SoC platform updates 2020-10-24 10:33:08 -07:00
memory
misc
net ipv6/netfilter: Discard first fragment not including all headers 2020-11-16 10:15:11 -08:00
pcmcia
ras mm,hwpoison: introduce MF_MSG_UNSPLIT_THP 2020-10-16 11:11:17 -07:00
rdma RDMA: Add rdma_connect_locked() 2020-10-28 09:14:49 -03:00
scsi SCSI misc on 20201023 2020-10-23 16:19:02 -07:00
soc ARM: SoC-related driver updates 2020-10-24 10:39:22 -07:00
sound ALSA: make snd_kcontrol_new name a normal string 2020-10-26 20:28:59 +01:00
target
trace This is mainly server-to-server copy and fallout from Chuck's 5.10 rpc 2020-11-09 12:43:12 -08:00
uapi sound fixes for 5.10-rc3 2020-11-06 12:58:11 -08:00
vdso
video gpu: ipu-v3: remove unused functions 2020-10-26 10:42:38 +01:00
xen xen: branch for v5.10-rc1c 2020-10-25 10:55:35 -07:00