net/packet: cleanup IPv4 fragment guards

The first packet fragment guard had an additional guard clause that was
incorrectly comparing a length in bytes to a length in octets, and was
also comparing what should have been an entire IPv4 through transport
header length to a subprotocol payload length. The subprotocol header
size guards were otherwise protecting against short transport headers,
as is the conservative non-first fragment minimum offset size. Add an
explicit disallowing of fragmentation for TSMP for the avoidance of
doubt.

Updates #cleanup
Updates #5727

Signed-off-by: James Tucker <james@tailscale.com>
James Tucker
2025-06-03 15:24:31 -07:00
committed by James Tucker
parent b0f7b23efe
commit 9206e766ed
4 changed files with 149 additions and 10 deletions
+2
@@ -19,6 +19,8 @@ import (
"tailscale.com/types/ipproto"
)
const minTSMPSize = 7 // the rejected body is 7 bytes
// TailscaleRejectedHeader is a TSMP message that says that one
// Tailscale node has rejected the connection from another. Unlike a
// TCP RST, this includes a reason.