@@ -1,4 +1,4 @@
-/* $NetBSD: icmp6.c,v 1.108 2005/01/17 10:16:07 itojun Exp $ */
+/* $NetBSD: icmp6.c,v 1.108.8.1 2008/10/03 09:21:02 jdc Exp $ */
/* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.108 2005/01/17 10:16:07 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.108.8.1 2008/10/03 09:21:02 jdc Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -515,6 +515,9 @@
case ICMP6_PACKET_TOO_BIG:
icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_pkttoobig);
+ /*
+ * MTU is checked in icmp6_mtudisc.
+ */
code = PRC_MSGSIZE;
/*
@@ -1106,6 +1109,20 @@
u_int mtu = ntohl(icmp6->icmp6_mtu);
struct rtentry *rt = NULL;
struct sockaddr_in6 sin6;
+
+ /*
+ * The MTU should not be less than the minimal IPv6 MTU except for the
+ * hack in ip6_output/ip6_setpmtu where we always include a frag header.
+ * In that one case, the MTU might be less than 1280.
+ */
+ if (__predict_false(mtu < IPV6_MMTU - sizeof(struct ip6_frag))) {
+ /* is the mtu even sane? */
+ if (mtu < sizeof(struct ip6_hdr) + sizeof(struct ip6_frag) + 8)
+ return;
+ if (!validated)
+ return;
+ mtu = IPV6_MMTU - sizeof(struct ip6_frag);
+ }
/*
* allow non-validated cases if memory is plenty, to make traffic