When sending IPv6 fragmented packets and a fragment is lost before the network device is freed, the mbuf making up the fragment will remain in the temporary hashed fragment list and cause a panic when it times out due to accessing a freed network interface structure.
- Make sure the m_pkthdr.rcvif always point to a valid network interface. Else the value should be set to NULL.
- Use the rcvif of the last received fragment as m_pkthdr.rcvif for the fully defragged packet.
This avoids feeding mbufs to the netisr having a NULL rcvif in the m_pkthdr.
hlim = ND_IFINFO(m->m_pkthdr.rcvif)->chlim;
^^^^ rcvif->if_afdata[AF_INET6] is NULL.
Sponsored by: Mellanox Technologies
MFC after: 1 week