Page MenuHomeFreeBSD

IPv6: Fix a panic in the nd6 code with unmapped mbufs.
ClosedPublic

Authored by gallatin on May 12 2020, 1:34 PM.
Tags
None
Referenced Files
F106616775: D24821.id71684.diff
Thu, Jan 2, 7:34 PM
Unknown Object (File)
Mon, Dec 30, 10:15 PM
Unknown Object (File)
Wed, Dec 11, 8:07 PM
Unknown Object (File)
Wed, Dec 4, 9:47 AM
Unknown Object (File)
Oct 4 2024, 11:57 AM
Unknown Object (File)
Oct 3 2024, 9:03 PM
Unknown Object (File)
Sep 4 2024, 3:00 PM
Unknown Object (File)
Aug 22 2024, 6:30 AM
Subscribers

Details

Summary

If the neighbor entry for an IPv6 TCP session using unmapped
mbufs times out, IPv6 will send an icmp6 dest. unreachable
message. In doing this, it will try to do a software checksum
on the reflected packet. If this is a TCP session using unmapped
mbufs, then there will be a kernel panic.

To fix this, just free mbufs with unmapped mbufs before the icmp
is generated.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 31045

Event Timeline

This revision is now accepted and ready to land.May 12 2020, 1:51 PM

Looks good (other than the yoda style in one conditional).

sys/netinet6/nd6.c
833

Yoda style isn't consistent with the rest of this file.

Perhaps adjust the commit message to say something like "To fix this, discard the packet rather than than sending the ICMP message". Right now "free mbufs before the icmp is generated" implied to me that we would still send the ICMP, but perhaps with altered content rather than skipping it entirely.