[Bug 274009] in_pcblookup_hash_locked: invalid local address panic on sendto(2) to ipv4-mapped
Date: Mon, 02 Oct 2023 11:45:41 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274009

--- Comment #9 from Benjamin Jacobs <freebsd@dev.thsi.be> ---
(In reply to Mark Johnston from comment #6)
Hi, yes it does seem to be that same issue.

(In reply to Michael Tuexen from comment #8)
My 2 cents: the version flag is indeed tricky because - as noted by Mark in his revision - an AF_INET6 UDP socket can transition back and forth between v4 and v6 (either by using connect() and/or sendto()). I'm not sure either that getting rid of it is the right approach because the code ends up having to pass around an extra flag argument all over the place. But there are also some unclear locking rules, as stated in the comment around the in_pcb stuff, which makes the whole concept far from trivial for me to understand :)

Nonetheless, I made a patch in a way for me to have something working. But it does seem all very hacky and ugly to carry an argument for "it is actually a v4-mapped" flag to all callers, and callers of callers, of the in_pcb_lport_dest. Also I did not completely understand the implication w.r.t. the handling of wildcard addresses. And possible concurrency issues are likely not addressed.

Anyway, that might be of interest to you.

Side note: it is trivial to trigger the bug using "sysctl net.inet6.ip6.v6only=0; drill @::ffff:8.8.8.8 freebsd.org"