On 27.10.2020 10:57, Hangbin Liu wrote: > On Tue, Oct 27, 2020 at 07:57:06AM +0000, Georg Kohmann (geokohma) wrote: >>> + /* RFC 8200, Section 4.5 Fragment Header: >>> + * If the first fragment does not include all headers through an >>> + * Upper-Layer header, then that fragment should be discarded and >>> + * an ICMP Parameter Problem, Code 3, message should be sent to >>> + * the source of the fragment, with the Pointer field set to zero. >>> + */ >>> + nexthdr = hdr->nexthdr; >>> + offset = ipv6_skip_exthdr(skb, skb_transport_offset(skb), &nexthdr, >>> &frag_off); >>> + if (offset >= 0) { >>> + /* Check some common protocols' header */ >>> + if (nexthdr == IPPROTO_TCP) >>> + offset += sizeof(struct tcphdr); >>> + else if (nexthdr == IPPROTO_UDP) >>> + offset += sizeof(struct udphdr); >>> + else if (nexthdr == IPPROTO_ICMPV6) >>> + offset += sizeof(struct icmp6hdr); >>> + else >>> + offset += 1; >>> + >>> + if (frag_off == htons(ip6_mf) && offset > skb->len) { >> This do not catch atomic fragments (fragmented packet with only one >> fragment). frag_off also contains two reserved bits (both 0) that might >> change in the future. > Thanks, I also didn't aware this scenario. > >> I suggest you only check that the offset is 0: >> frag_off & htons(IP6_OFFSET) > This will match all other fragment packets. RFC request we reply ICMP for the > first fragment packet, Do you mean > > if (!frag_off & htons(IP6_OFFSET) && offset > skb->len)
Almost, add some parentheses:

if (!(frag_off & htons(IP6_OFFSET)) && offset > skb->len)

>
> Thanks
> Hangbin
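
Review bot: In the final condition of the quoted hunk, `frag_off == htons(ip6_mf)` compares the whole field for equality, so a first fragment with the M flag clear (an atomic fragment) or with a reserved bit set never reaches the length check. Test only the offset bits, with the negation parenthesised so that `!` applies to the masked value rather than to `frag_off` alone: `if (!(frag_off & htons(IP6_OFFSET)) && offset > skb->len)`. Separately, the `if (offset >= 0)` guard means a fragment for which ipv6_skip_exthdr() returns a negative offset skips the check entirely; a comment stating where that case is handled would help. The `else offset += 1;` branch also deserves a one-line comment saying that for other upper-layer protocols only a single byte past the extension headers is required.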