git: 5eb30c313cb0 - releng/13.3 - pf: allow MLD LR to be sent without state
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 07 Aug 2024 13:44:57 UTC
The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=5eb30c313cb051385d654f7bba36143ccb7dbf94 commit 5eb30c313cb051385d654f7bba36143ccb7dbf94 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-07-10 12:36:18 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2024-08-07 13:37:32 +0000 pf: allow MLD LR to be sent without state Change PF behavior to allow MLD Listener Report packets to be sent without needing a previously created state by MLD Listener Query. It wasn't working because: (1) you might not have a previous MLD Listener Query and (2) the addresses of the Query and Report don't match. ok mikeb@, sashan@ Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, rzalamena <rzalamena@openbsd.org>, 5c526dbdb0f2 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 1afe4da75d1d2acd33b25eea942af28aa41c82c2) --- sys/netpfil/pf/pf.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 388d632e8d50..96d67d906a4e 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1797,8 +1797,15 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, break; case MLD_LISTENER_QUERY: - *icmp_dir = PF_IN; case MLD_LISTENER_REPORT: { + /* + * Listener Report can be sent by clients + * without an associated Listener Query. + * In addition to that, when Report is sent as a + * reply to a Query its source and destination + * address are different. + */ + *icmp_dir = PF_IN; *virtual_type = MLD_LISTENER_QUERY; *virtual_id = 0; break;