Hello,

On Mon, May 31, 2021 at 02:33:00PM +1000, David Gwynne wrote:
> if you're looking at an ip header, it makes sense to do some checks to
> make sure that the values and addresses make some sense. the canonical
> versions of these checks are in the ipv4 and ipv6 input paths, which
> makes sense. when bridge(4) is about to run packets through pf it makes
> sure the ip headers are sane before first, which i think also makes
> sense. veb and tpmr don't do these checks before they run pf, but i
> think they should. however, duplicating the code again doesn't appeal to
> me.
>
> this factors the ip checks out in the ip_input path, and uses that code
> from bridge, veb, and tpmr.
>
> this is mostly shuffling the deck chairs, but ipv6 is moved around a bit
> more than ipv4, so some eyes and tests would be appreciated.
>
> in the future i think the ipv6 code should do length checks like the
> ipv4 code does too. this diff is big enough as it is though.
>
> ok?
>
no objection. OK sashan
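
The kind of shared IPv4 header check discussed in this thread, as an added userland example. It is not code from the diff or from OpenBSD. The names ip4_sanity, ip4_cksum and ip4_set_cksum, the verdict enum and the particular set of checks (version, header length, checksum, total length, loopback addresses) are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ip4_verdict { IP4_OK, IP4_SHORT, IP4_BADVERS, IP4_BADHLEN,
                   IP4_BADSUM, IP4_BADLEN, IP4_LOOPBACK };

/* One's-complement sum over the header; returns 0 when the checksum verifies. */
uint16_t ip4_cksum(const uint8_t *h, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += (uint32_t)h[i] << 8 | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Helper for building constructed samples: fill in the checksum field. */
void ip4_set_cksum(uint8_t *h, size_t hlen)
{
    h[10] = h[11] = 0;
    uint16_t c = ip4_cksum(h, hlen);
    h[10] = (uint8_t)(c >> 8);
    h[11] = (uint8_t)(c & 0xff);
}

/* One check every caller (input path, bridge-like drivers) runs before filtering. */
enum ip4_verdict ip4_sanity(const uint8_t *pkt, size_t len, int on_loopback)
{
    if (len < 20) return IP4_SHORT;                 /* no room for a minimal header */
    if (pkt[0] >> 4 != 4) return IP4_BADVERS;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return IP4_BADHLEN;
    if (ip4_cksum(pkt, hlen) != 0) return IP4_BADSUM;
    size_t tot = (size_t)pkt[2] << 8 | pkt[3];
    if (tot < hlen || tot > len) return IP4_BADLEN; /* claims more than was received */
    if (!on_loopback && (pkt[12] == 127 || pkt[16] == 127))
        return IP4_LOOPBACK;                        /* 127/8 seen on a non-loopback interface */
    return IP4_OK;
}

int main(void)
{
    /* Constructed sample: 192.0.2.1 -> 192.0.2.2, header only, total length 20. */
    uint8_t p[20] = {0x45,0,0,20, 0,0,0,0, 64,1,0,0, 192,0,2,1, 192,0,2,2};
    ip4_set_cksum(p, sizeof(p));
    printf("valid header: %d\n", ip4_sanity(p, sizeof(p), 0));
    p[12] = 127; ip4_set_cksum(p, sizeof(p));
    printf("loopback source: %d\n", ip4_sanity(p, sizeof(p), 0));
    return 0;
}
```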