Thu Feb 8 10:03:52 2018 UTC ()
Change the error stat from IP_STAT_BADFRAGS to IP_STAT_TOOLONG. The
ping_of_death ATF test expects this counter to get increased.


(maxv)
diff -r1.12 -r1.13 src/sys/netinet/ip_reass.c


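--- a/src/sys/netinet/ip_reass.c
+++ b/src/sys/netinet/ip_reass.c
@@ -1,14 +1,14 @@
-/* $NetBSD: ip_reass.c,v 1.12 2018/02/06 15:48:02 maxv Exp $ */
+/* $NetBSD: ip_reass.c,v 1.13 2018/02/08 10:03:52 maxv Exp $ */
 
 /*
  * Copyright (c) 1982, 1986, 1988, 1993
  * The Regents of the University of California. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
@@ -36,27 +36,27 @@
  *
  * Additive-Increase/Multiplicative-Decrease (AIMD) strategy for IP
  * reassembly queue buffer managment.
  *
  * We keep a count of total IP fragments (NB: not fragmented packets),
  * awaiting reassembly (ip_nfrags) and a limit (ip_maxfrags) on fragments.
  * If ip_nfrags exceeds ip_maxfrags the limit, we drop half the total
  * fragments in reassembly queues. This AIMD policy avoids repeatedly
  * deleting single packets under heavy fragmentation load (e.g., from lossy
  * NFS peers).
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_reass.c,v 1.12 2018/02/06 15:48:02 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_reass.c,v 1.13 2018/02/08 10:03:52 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
 
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/mutex.h>
 #include <sys/pool.h>
 #include <sys/queue.h>
 #include <sys/sysctl.h>
 #include <sys/systm.h>
 
 #include <net/if.h>
@@ -620,27 +620,27 @@ ip_reass_packet(struct mbuf **m0, struct
  /*
  * Prevent TCP blind data attacks by not allowing non-initial
  * fragments to start at less than 68 bytes (minimal fragment
  * size) and making sure the first fragment is at least 68
  * bytes.
  */
  off = (ntohs(ip->ip_off) & IP_OFFMASK) << 3;
  if ((off > 0 ? off + hlen : len) < IP_MINFRAGSIZE - 1) {
  IP_STATINC(IP_STAT_BADFRAGS);
  return EINVAL;
  }
 
  if (off + len > IP_MAXPACKET) {
- IP_STATINC(IP_STAT_BADFRAGS);
+ IP_STATINC(IP_STAT_TOOLONG);
  return EINVAL;
  }
 
  /*
  * Fragment length and MF flag. Make sure that fragments have
  * a data length which is non-zero and multiple of 8 bytes.
  */
  flen = ntohs(ip->ip_len) - hlen;
  mff = (ip->ip_off & htons(IP_MF)) != 0;
  if (mff && (flen == 0 || (flen & 0x7) != 0)) {
  IP_STATINC(IP_STAT_BADFRAGS);
  return EINVAL;
  }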
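Review bot: The `off + len > IP_MAXPACKET` check at new line 632 is the only one of the three validation steps in this hunk without a comment, and after this change it is also the only one that bumps a counter other than IP_STAT_BADFRAGS. I would add `/* Reject a fragment whose end would exceed IP_MAXPACKET; counted as IP_STAT_TOOLONG, which the ping_of_death ATF test checks. */` above it so the counter choice is not reverted by a later cleanup. Anyone who monitors the bad-fragments counter to spot oversized-fragment traffic will need to watch the too-long counter for this case from this revision on. The declarations of `off` and `len` and the rest of ip_reass_packet lie outside the hunk, so whether `off + len` can wrap cannot be judged from here.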