Page MenuHomeFreeBSD
Differential D39063

pf tests: test IPv6 fragmentation with link-local addresses
ClosedPublic
Actions

Authored by kp on Mar 13 2023, 5:19 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sep 27 2024, 8:50 PM
Unknown Object (File)
Sep 17 2024, 8:00 AM
Unknown Object (File)
Sep 4 2024, 5:51 AM
Unknown Object (File)
Sep 2 2024, 4:45 PM
Unknown Object (File)
Jul 26 2024, 2:05 PM
Unknown Object (File)
Jul 18 2024, 6:05 AM
Unknown Object (File)
Jul 7 2024, 9:32 AM
Unknown Object (File)
Jul 1 2024, 11:23 PM
View All 55 Files
Subscribers
farrokhi
glebius
imp
jlduran
melifaro

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rG4b77c46dc29a: pf tests: test IPv6 fragmentation with link-local addresses
rG5e7bbde17d53: pf tests: test IPv6 fragmentation with link-local addresses
rG225e85513fd7: pf tests: test IPv6 fragmentation with link-local addresses
Summary

We've observed a panic after pf_refragment6() with link-local addresses,
because pf_refragment6() calls ip6_forward() even for a simple output
case.
That results in us entering ip6_forward() with an mbuf with a NULL
m->m_pkthdr.rcvif, which can cause a NULL deref (but seemingly not for
GUAs.

Test sending fragmented link-local packets to pf.

MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 50330
Build 47222: arc lint + arc unit

Event Timeline

kp created this revision.Mar 13 2023, 5:19 PM
Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptMar 13 2023, 5:19 PM
kp requested review of this revision.Mar 13 2023, 5:19 PM
kp added a parent revision: D39062: pf: set scope in pf_refragment6().
Harbormaster completed remote builds in B50330: Diff 118755.Mar 13 2023, 5:19 PM
jlduran added a subscriber: jlduran.Mar 13 2023, 10:52 PM
jlduran added inline comments.
tests/sys/netpfil/pf/fragmentation.sh
128

While ping6 is still a thing, I would humbly advise to use ping -6 instead.

kp updated this revision to Diff 118789.Mar 14 2023, 7:39 AM

ping6 -> ping -6

Harbormaster completed remote builds in B50351: Diff 118789.Mar 14 2023, 7:39 AM
This revision was not accepted when it landed; it landed in state Needs Review.Mar 16 2023, 10:01 AM
Closed by commit rG225e85513fd7: pf tests: test IPv6 fragmentation with link-local addresses (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG225e85513fd7: pf tests: test IPv6 fragmentation with link-local addresses.
kp added a commit: rG5e7bbde17d53: pf tests: test IPv6 fragmentation with link-local addresses.Mar 20 2023, 9:47 AM
kp added a commit: rG4b77c46dc29a: pf tests: test IPv6 fragmentation with link-local addresses.

Revision Contents
Changeset List

PathSize
tests/
sys/
netpfil/
pf/
10 lines

Diff 118755

View Options

tests/sys/netpfil/pf/fragmentation.sh

Loading...