kern/52469: ipf fails to return-rst (or panics) on a IPv6 link-local-address

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/52469: ipf fails to return-rst (or panics) on a IPv6 link-local-address
From: ef%math.uni-bonn.de@localhost
Date: Mon, 7 Aug 2017 14:15:00 +0000 (UTC)

>Number:         52469
>Category:       kern
>Synopsis:       ipf fails to return-rst (or panics) on a IPv6 link-local-address
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 07 14:15:00 +0000 2017
>Originator:     Edgar Fuß
>Release:        6.1 (ignored), 7.1 (panics)
>Organization:
Mathematisches Institut der Universität Bonn
>Environment:
>Description:
With a block rule qualified "return-rst", if that rule matches a link-local address, no RST is returned (on NetBSD-6) or the system panics (on NetBSD-7).
The problem is that ipf6_fastroute() consults the routing cache without having inserted the address's scope first.
>How-To-Repeat:
Add a block rule qualified "return-rst" that matches a link-local address. Make that rule match. Observe no RST being sent or the system panic.
>Fix:
Index: ip_fil_netbsd.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c,v
retrieving revision 1.11
diff -u -p -r1.11 ip_fil_netbsd.c
--- ip_fil_netbsd.c	25 Jul 2014 08:10:39 -0000	1.11
+++ ip_fil_netbsd.c	20 Jul 2017 13:04:22 -0000
@@ -1378,6 +1378,9 @@ ipf_fastroute6(struct mbuf *m0, struct m
 		sockaddr_in6_init(&u.dst6, &fdp->fd_ip6.in6, 0, 0, 0);
 	else
 		sockaddr_in6_init(&u.dst6, &fin->fin_fi.fi_dst.in6, 0, 0, 0);
+	/* KAME */
+	if (IN6_IS_ADDR_LINKLOCAL(&u.dst6.sin6_addr))
+		u.dst6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
 	dst = &u.dst;
 	rtcache_setdst(ro, dst);
 
@@ -1389,6 +1392,9 @@ ipf_fastroute6(struct mbuf *m0, struct m
 	dst6->sin6_family = AF_INET6;
 	dst6->sin6_len = sizeof(struct sockaddr_in6);
 	dst6->sin6_addr = fin->fin_fi.fi_dst.in6;
+	/* KAME */
+	if (IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr))
+		dst6->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
 
 	if (fdp != NULL) {
 		if (IP6_NOTZERO(&fdp->fd_ip6))
@@ -1407,15 +1413,6 @@ ipf_fastroute6(struct mbuf *m0, struct m
 		goto bad;
 	}
 
-	/* KAME */
-# if __NetBSD_Version__ >= 499001100
-	if (IN6_IS_ADDR_LINKLOCAL(&u.dst6.sin6_addr))
-		u.dst6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
-# else
-	if (IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr))
-		dst6->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
-# endif
-
 	{
 # if (__NetBSD_Version__ >= 106010000) && !defined(IN6_LINKMTU)
 		struct in6_ifextra *ife;

Prev by Date: Re: PR/52438 CVS commit: src/sys/external/bsd/drm2/dist/drm/ttm
Next by Date: Re: kern/52469: ipf fails to return-rst (or panics) on a IPv6 link-local-address
Previous by Thread: kern/52468: ISA DMA incorrectly maps I/O port 0x80 for page address registers
Next by Thread: Re: kern/52469: ipf fails to return-rst (or panics) on a IPv6 link-local-address
Indexes:

Home | Main Index | Thread Index | Old Index