Removing an IPv6 address does not remove NDP entries on that subnet

Ryan Stone rysto32 at gmail.com
Fri Mar 30 13:29:24 UTC 2012


On Fri, Mar 30, 2012 at 12:28 AM, Li, Qing <qing.li at bluecoat.com> wrote:
>> * In a way this is a good thing as in6_lltable_prefix_free() is
>> guaranteed to crash your kernel in two different ways, and that's not
>> counting the race conditions that it's subject to.
>>
>
>        Could you please elaborate with some details on the two different
>        ways in6_lltable_prefix_free() crashes the kernel definitively?

First, it calls callout_drain on lle->le_timer, but that is never
initialized for a v6 llentry.  Second, it never stops the ln_timer_ch
callout before it frees the llentry.  Third, it modifies the lltable
without holding IF_AFDATA_LOCK (in.c has the third problem: see the
-net discussion about kern/165863).

