netinet6: Do not forward or send ICMPv6 messages to the unspec address
Closed, Public

Authored by markj on Mar 13 2025, 12:22 AM.

Details

Summary

As in f7174eb2b4c4 ("netinet: Do not forward or ICMP response to
INADDR_ANY"), the IPv6 stack should avoid sending packets to the
unspecified address. In particular:

  • Make sure that we do not forward received packets to the unspecified address; the check in ip6_input() catches this in the common case, but after commit 40faf87894ff it's possible for a pfil hook to bypass this check and pass the packet to ip6_forward() using the PACKET_TAG_IPFORWARD tag.
  • Make sure that we do not reflect packets back to the unspecified address; RFC 4443 section 2.4 states that we must not generate error messages in response to packets from the unspecified address.

Reported by: Franco Fichtner <franco@opnsense.org>
Sponsored by: Klara, Inc.
Sponsored by: OPNsense
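
The two checks described in the summary, as an added user-space example that is not code from this commit or from the FreeBSD tree: a simplified model in which a hook-tagged packet skips the input-side check, so the forwarding stage must test the destination itself, and the ICMPv6 error path must test the source. The `model_*` functions, `make_hdr()` and the sample addresses are hypothetical names and constructed inputs.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP6_HDR_LEN 40	/* fixed header: source at offset 8, destination at 24 */

/* Build a constructed sample header from textual addresses; 1 on success. */
int make_hdr(uint8_t *buf, const char *src, const char *dst)
{
	memset(buf, 0, IP6_HDR_LEN);
	buf[0] = 0x60;	/* version 6 */
	return (inet_pton(AF_INET6, src, buf + 8) == 1 &&
	    inet_pton(AF_INET6, dst, buf + 24) == 1);
}

/* True when the 16-byte address at the given header offset is "::". */
static int addr_unspec(const uint8_t *pkt, size_t off)
{
	struct in6_addr a;

	memcpy(&a, pkt + off, sizeof(a));
	return (IN6_IS_ADDR_UNSPECIFIED(&a));
}

static int hdr_ok(const uint8_t *pkt, size_t len)
{
	return (len >= IP6_HDR_LEN && (pkt[0] >> 4) == 6);
}

/* Forwarding stage (model): checks the destination itself, 1 = forward. */
int model_forward(const uint8_t *pkt, size_t len)
{
	return (hdr_ok(pkt, len) && !addr_unspec(pkt, 24));
}

/* Input stage (model): a hook-tagged packet skips the input-side check, as
 * the summary describes, so model_forward() is the only remaining guard. */
int model_input(const uint8_t *pkt, size_t len, int hook_tagged)
{
	if (!hook_tagged && (!hdr_ok(pkt, len) || addr_unspec(pkt, 24)))
		return (0);
	return (model_forward(pkt, len));
}

/* RFC 4443 section 2.4: no error message in reply to a source of "::". */
int model_icmp6_error_allowed(const uint8_t *pkt, size_t len)
{
	return (hdr_ok(pkt, len) && !addr_unspec(pkt, 8));
}
```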

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Skipped
Unit: Tests Skipped
Build Status: Buildable 62898
Build 59782: arc lint + arc unit