Description:
Handle IPv6 fragment extension header
only return NULL when reached end of packet (no data)
Explanation:
When issue #488 was fixed (pr #496) (version=4.3.0, and carried forward to version=4.4.0), the fix prevented IPv6
fragment extension header handling. The need was to prevent addressing headers beyond packet length (to avoid
heap corruption). However, the fix prevents any further processing of the packet after fragment extension header found.
When the extension header proto=TCPR_IPV6_NH_FRAGMENT, we can skip that header (fixed length=32 bits),
process any further extension headers, and return a pointer to packet data.
When issue #611 was fixed (pr #613), the solution was to leave any IPv6 packets with fragment extension header
untouched (and generate TCPEDIT_SOFT_ERROR). This change allowed tcprewrite to continue, and these packets
could be skipped (use option --skip-soft-errors). This was to avoid abort/failure of the code to run on pcap having
any fragment headers.
Both of these issues are handled by this PR.
resolves issue #496 by avoiding addressing headers beyond packet length
resolves issue #611 by enabling tcprewrite to continue after encountering fragment packets.
Description: Handle IPv6 fragment extension header only return NULL when reached end of packet (no data)
Explanation: When issue #488 was fixed (pr #496) (version=4.3.0, and carried forward to version=4.4.0), the fix prevented IPv6 fragment extension header handling. The need was to prevent addressing headers beyond packet length (to avoid heap corruption). However, the fix prevents any further processing of the packet after fragment extension header found. When the extension header
proto=TCPR_IPV6_NH_FRAGMENT
, we can skip that header (fixed length=32 bits), process any further extension headers, and return a pointer to packet data.When issue #611 was fixed (pr #613), the solution was to leave any IPv6 packets with fragment extension header untouched (and generate
TCPEDIT_SOFT_ERROR
). This change allowed tcprewrite to continue, and these packets could be skipped (use option--skip-soft-errors
). This was to avoid abort/failure of the code to run on pcap having any fragment headers.Both of these issues are handled by this PR.
Reference: