[Bug 227674] [ipfw] [ipv6] ICMPv6 echo replies incorrectly matched by kernel ipfw
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Apr 21 18:34:28 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227674
Bug ID: 227674
Summary: [ipfw] [ipv6] ICMPv6 echo replies incorrectly matched
by kernel ipfw
Product: Base System
Version: 11.1-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: eugen at freebsd.org
CC: ae at FreeBSD.org, glebius at FreeBSD.org
This is very similar to old PR
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=131817 fixed 6 years ago with
https://svnweb.freebsd.org/base?view=revision&revision=223753
Now ipfw rule "deny log ip from any to any out recv re0 xmit re0" incorrectly
matches outgoing ICMPv6 echo replies sent by the system in response to incoming
echo request. The reply should not have "recv" attribute and should not be
matched.
I suspect that as in older ARP problem, the code re-uses mbuf and forgets to
nullify m->m_pkthdr.rcvif
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list