
netinet6: Do not forward or send ICMPv6 messages to the unspec address

Description

netinet6: Do not forward or send ICMPv6 messages to the unspec address

As in f7174eb2b4c4 ("netinet: Do not forward or ICMP response to
INADDR_ANY"), the IPv6 stack should avoid sending packets to the
unspecified address. In particular:

  • Make sure that we do not forward received packets to the unspecified address; the check in ip6_input() catches this in the common case, but after commit 40faf87894ff it's possible for a pfil hook to bypass this check and pass the packet to ip6_forward() using the PACKET_TAG_IPFORWARD tag.
  • Make sure that we do not reflect packets back to the unspecified address; RFC 4443 section 2.4 states that we must not generate error messages in response to packets from the unspecified address.

Reviewed by: zlei, glebius
Reported by: Franco Fichtner <franco@opnsense.org>
MFC after: 1 month
Sponsored by: Klara, Inc.
Sponsored by: OPNsense
Differential Revision: https://reviews.freebsd.org/D49339
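The two checks described in the commit message, as an added userland example in C; it is not the FreeBSD patch or kernel code. `struct pkt6`, `fwd_tagged`, `input_stage()`, `forward_stage()` and `may_send_icmp6_error()` are hypothetical names, the model looks only at the addresses, and it goes slightly beyond the message by also rejecting multicast sources, which the same RFC 4443 section 2.4 rule excludes.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>

/* Constructed model of a packet; not the kernel's mbuf or ip6_hdr. */
struct pkt6 {
    struct in6_addr src, dst;
    bool fwd_tagged; /* stands in for a pfil hook attaching PACKET_TAG_IPFORWARD */
};

enum verdict { V_DROP, V_FORWARD };

/* Build a model packet from text addresses; returns false on a parse error. */
bool pkt6_make(struct pkt6 *p, const char *src, const char *dst, bool tagged)
{
    p->fwd_tagged = tagged;
    return inet_pton(AF_INET6, src, &p->src) == 1 &&
        inet_pton(AF_INET6, dst, &p->dst) == 1;
}

/* Forwarding stage: checks the destination itself instead of trusting
 * that an earlier stage already rejected the unspecified address. */
enum verdict forward_stage(const struct pkt6 *p)
{
    if (IN6_IS_ADDR_UNSPECIFIED(&p->dst))
        return V_DROP;
    return V_FORWARD;
}

/* Input stage: a tagged packet skips the input-side destination check,
 * so the check in forward_stage() is the only one it meets.
 * Simplification: every accepted packet is treated as one to forward. */
enum verdict input_stage(const struct pkt6 *p)
{
    if (!p->fwd_tagged && IN6_IS_ADDR_UNSPECIFIED(&p->dst))
        return V_DROP;
    return forward_stage(p);
}

/* RFC 4443 section 2.4: no ICMPv6 error in response to a packet whose
 * source does not identify a single node (unspecified or multicast). */
bool may_send_icmp6_error(const struct pkt6 *p)
{
    return !IN6_IS_ADDR_UNSPECIFIED(&p->src) &&
        !IN6_IS_ADDR_MULTICAST(&p->src);
}
```

The addresses to try are the reader's choice; `2001:db8::/32` is the documentation prefix and is safe to use as constructed input.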

Details

Provenance
markj
Authored on Tue, Apr 22, 2:54 PM
Reviewer
zlei
Differential Revision
D49339: netinet6: Do not forward or send ICMPv6 messages to the unspec address
Parents
rG1000cc4a0d39: so_splice: Disallow splicing with KTLS-enabled sockets