[riot-notifications] [RIOT-OS/RIOT] gnrc_ipv6_ext_frag: Initial import of IPv6 reassembly (#11596)

benpicco notifications at github.com
Sat Sep 14 11:15:16 CEST 2019


benpicco commented on this pull request.



> +        /* first fragment */
+        uint16_t ipv6_len = byteorder_ntohs(ipv6->len);
+
+        /* not divisible by 8*/
+        if ((pkt->size & 0x7)) {
+            DEBUG("ipv6_ext_frag: fragment length not divisible by 8");
+            goto error_exit;
+        }
+        _set_nh(fh_snip->next, nh);
+        gnrc_pktbuf_remove_snip(pkt, fh_snip);
+        /* TODO: RFC 8200 says "- 8"; determine if `sizeof(ipv6_ext_frag_t)` is
+         * really needed*/
+        rbuf->pkt_len += ipv6_len - pkt->size - sizeof(ipv6_ext_frag_t);
+        if (rbuf->pkt != NULL) {
+            /* first fragment but not first arriving */
+            memcpy(rbuf->pkt->data, pkt->data, pkt->size);

>  Either another fragment was already received (`rbuf->pkt != NULL`), then `rbuf->pkt` was already resized to the appropriate length until the previously received packet at the link you gave and we land here.

Is there a check that the fragment sizes are sound before? What happens if I first send fragment 2 claiming the total packet length is 42, then send fragment 1 with `pkt->size = 94`?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/11596#discussion_r324418500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riot-os.org/pipermail/notifications/attachments/20190914/ceb649aa/attachment.htm>


More information about the notifications mailing list