295667 – stand/libsa: IP fragment reassembly broken

Bug 295667 - stand/libsa: IP fragment reassembly broken

Summary: stand/libsa: IP fragment reassembly broken

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	misc (show other bugs)
Version:	14.4-STABLE
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2026-05-28 14:30 UTC by Rudolf Čejka
Modified:	2026-05-28 14:30 UTC (History)
CC List:	0 users

See Also:

Attachments
stand/libsa/ip.c diff (441 bytes, patch) 2026-05-28 14:30 UTC, Rudolf Čejka	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Rudolf Čejka 2026-05-28 14:30:14 UTC

Created attachment 271293 [details]
stand/libsa/ip.c diff

There is a problem with IP fragment reassembly in stand/libsa/ip.c in ip_reasm_add(). Packets received in order are incorrectly inserted at the head of the list instead of the end. Patch shows mainly what is the problem and how to fix it, but I think that it would be better to rewrite the entire loop.

I found this while trying to increase nfs.read_size over 1344 bytes in loader.conf, when loader.efi loads kernel during PXE boot.