]> nv-tegra.nvidia Code Review - linux-4.9.git/commitdiff
Code Review / linux-4.9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 8716959)
ipv6: defrag: drop non-last frags smaller than min mtu
authorFlorian Westphal <fw@strlen.de>
Wed, 10 Oct 2018 19:30:10 +0000 (12:30 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 18 Oct 2018 07:13:26 +0000 (09:13 +0200)
don't bother with pathological cases, they only waste cycles.
IPv6 requires a minimum MTU of 1280 so we should never see fragments
smaller than this (except last frag).

v3: don't use awkward "-offset + len"
v2: drop IPv4 part, which added same check w. IPV4_MIN_MTU (68).
    There were concerns that there could be even smaller frags
    generated by intermediate nodes, e.g. on radio networks.

Cc: Peter Oskolkov <posk@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 0ed4229b08c13c84a3c301a08defdc9e7f4467e6)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/ipv6/netfilter/nf_conntrack_reasm.c patch | blob | history
net/ipv6/reassembly.c patch | blob | history

diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index ff49d1f2c8cbdeb4306027faf56fba477c1e7bb5..b815417013469256834813db11c47216de4e2284 100644 (file)
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -564,6 +564,10 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user)
        hdr = ipv6_hdr(skb);
        fhdr = (struct frag_hdr *)skb_transport_header(skb);
 
+       if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
+           fhdr->frag_off & htons(IP6_MF))
+               return -EINVAL;
+
        skb_orphan(skb);
        fq = fq_find(net, fhdr->identification, user, hdr,
                     skb->dev ? skb->dev->ifindex : 0);
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index dbe726c9a2ae015d18d2dd1f8b06be5b4d058b27..78656bbe50e73735830a8d970bc98e40079a5443 100644 (file)
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -516,6 +516,10 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
                return 1;
        }
 
+       if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
+           fhdr->frag_off & htons(IP6_MF))
+               goto fail_hdr;
+
        iif = skb->dev ? skb->dev->ifindex : 0;
        fq = fq_find(net, fhdr->identification, hdr, iif);
        if (fq) {
Unnamed repository; edit this file 'description' to name the repository.