Hello,

On Mon, May 31, 2021 at 02:33:00PM +1000, David Gwynne wrote:
> if you're looking at an ip header, it makes sense to do some checks to
> make sure that the values and addresses make some sense. the canonical
> versions of these checks are in the ipv4 and ipv6 input paths, which
> makes sense. when bridge(4) is about to run packets through pf it makes
> sure the ip headers are sane first, which i think also makes
> sense. veb and tpmr don't do these checks before they run pf, but i
> think they should. however, duplicating the code again doesn't appeal to
> me.
> 
> this factors the ip checks out in the ip_input path, and uses that code
> from bridge, veb, and tpmr.
> 
> this is mostly shuffling the deck chairs, but ipv6 is moved around a bit
> more than ipv4, so some eyes and tests would be appreciated.
> 
> in the future i think the ipv6 code should do length checks like the
> ipv4 code does too. this diff is big enough as it is though.
> 
> ok?
> 

    no objection.

OK sashan
