svn commit: r332886 - head/sys/netinet6

Andrey V. Elsukov ae at FreeBSD.org
Mon Apr 23 12:20:08 UTC 2018


Author: ae
Date: Mon Apr 23 12:20:07 2018
New Revision: 332886
URL: https://svnweb.freebsd.org/changeset/base/332886

Log:
  icmp6_reflect() sends ICMPv6 message with new IPv6 header. So, it is
  considered as originated by our host packet. And thus rcvif should be
  NULL, since it is used by ipfw(4) to determine that packet was originated
  from this host. Some of icmp6_reflect() consumers reuse mbuf and m_pkthdr
  without resetting rcvif pointer. To avoid this always reset m_pkthdr.rcvif
  pointer to NULL in icmp6_reflect(). Also remove such line and comment
  describing this from icmp6_error(), since it does not longer matters.
  
  PR:		227674
  Reported by:	eugen
  MFC after:	1 week

Modified:
  head/sys/netinet6/icmp6.c

Modified: head/sys/netinet6/icmp6.c
==============================================================================
--- head/sys/netinet6/icmp6.c	Mon Apr 23 10:35:00 2018	(r332885)
+++ head/sys/netinet6/icmp6.c	Mon Apr 23 12:20:07 2018	(r332886)
@@ -383,15 +383,6 @@ icmp6_error(struct mbuf *m, int type, int code, int pa
 	icmp6->icmp6_code = code;
 	icmp6->icmp6_pptr = htonl((u_int32_t)param);
 
-	/*
-	 * icmp6_reflect() is designed to be in the input path.
-	 * icmp6_error() can be called from both input and output path,
-	 * and if we are in output path rcvif could contain bogus value.
-	 * clear m->m_pkthdr.rcvif for safety, we should have enough scope
-	 * information in ip header (nip6).
-	 */
-	m->m_pkthdr.rcvif = NULL;
-
 	ICMP6STAT_INC(icp6s_outhist[type]);
 	icmp6_reflect(m, sizeof(struct ip6_hdr)); /* header order: IPv6 - ICMPv6 */
 
@@ -2183,7 +2174,7 @@ icmp6_reflect(struct mbuf *m, size_t off)
 	 */
 
 	m->m_flags &= ~(M_BCAST|M_MCAST);
-
+	m->m_pkthdr.rcvif = NULL;
 	ip6_output(m, NULL, NULL, 0, NULL, &outif, NULL);
 	if (outif)
 		icmp6_ifoutstat_inc(outif, type, code);


More information about the svn-src-all mailing list