Fix IPv6 extension header length calculation in dhcp6relay#103
Merged
Xichen96 merged 1 commit intosonic-net:masterfrom Apr 28, 2026
Merged
Fix IPv6 extension header length calculation in dhcp6relay#103Xichen96 merged 1 commit intosonic-net:masterfrom
Xichen96 merged 1 commit intosonic-net:masterfrom
Conversation
Per RFC 2460/8200, ip6e_len is in units of 8 octets, not counting the first 8 bytes. The correct advance is (ip6e_len + 1) * 8, not the raw byte value. Add a unit test with a Hop-by-Hop extension header (ip6e_len=1) to cover the nonzero case, which was previously untested. Signed-off-by: xq9mend <[email protected]>
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Contributor
Author
Xichen96
reviewed
Apr 28, 2026
| ext_header = (const struct ip6_ext *)current_position; | ||
| current_position += ext_header->ip6e_len; | ||
| current_position += (ext_header->ip6e_len + 1) * 8; | ||
| if((current_position == prev) || |
Contributor
There was a problem hiding this comment.
current_position wont be prev under current calculation
Xichen96
approved these changes
Apr 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why I did it
The IPv6 extension header parsing loop in dhcp6relay advances the current position by the raw
ip6e_lenbyte value. Per RFC 2460/8200,ip6e_lenis in units of 8 octets, not counting the first 8 bytes, so the correct advance is(ip6e_len + 1) * 8. Using the raw value causes header misparse for any packet with nonzeroip6e_len, which can lead to incorrect DHCPv6 relay behavior or process crash from L2-adjacent hosts.How I did it
Replace the raw byte advance with the RFC-mandated formula:
Add a unit test covering the nonzero
ip6e_lencase (Hop-by-Hop extension header withip6e_len=1, which should advance 16 bytes). The existing tests only coveredip6e_len=0, which was partially mitigated by a separate guard.How to verify it