svn commit: r329581 - stable/11/sys/netinet6
Eric van Gyzen
vangyzen at FreeBSD.org
Mon Feb 19 15:54:27 UTC 2018
Author: vangyzen
Date: Mon Feb 19 15:54:26 2018
New Revision: 329581
URL: https://svnweb.freebsd.org/changeset/base/329581
Log:
MFC r329053

Fix ICMPv6 redirects

icmp6_redirect_input() validates that a redirect packet came from the
current gateway for the respective destination. To do this, it compares
the source address, which has an embedded scope zone id, to the next-hop
address, which does not. If the address is link-local, which should be
the case, the comparison fails and the redirect is ignored.

Insert the scope zone id into the next-hop address so the comparison
is accurate.

Unsurprisingly, this fixes 35 UNH IPv6 conformance test cases.

Submitted by: Farrell Woods <Farrell_Woods at Dell.com> (initial revision)
Reviewed by: ae melifaro dab
Relnotes: yes
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D14254
Modified:
stable/11/sys/netinet6/icmp6.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netinet6/icmp6.c
==============================================================================
--- stable/11/sys/netinet6/icmp6.c Mon Feb 19 15:49:27 2018 (r329580)
+++ stable/11/sys/netinet6/icmp6.c Mon Feb 19 15:54:26 2018 (r329581)
@@ -2302,6 +2302,14 @@ icmp6_redirect_input(struct mbuf *m, int off)
goto bad;
}
+ /*
+ * Embed scope zone id into next hop address, since
+ * fib6_lookup_nh_basic() returns address without embedded
+ * scope zone id.
+ */
+ if (in6_setscope(&nh6.nh_addr, m->m_pkthdr.rcvif, NULL))
+ goto freeit;
+
if (IN6_ARE_ADDR_EQUAL(&src6, &nh6.nh_addr) == 0) {
nd6log((LOG_ERR,
"ICMP6 redirect rejected; "
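Review bot: The new in6_setscope() failure branch leaves through `goto freeit` without logging anything, while the check just above it exits through `goto bad` and the comparison just below reports its rejection through nd6log(). A redirect dropped because the zone of m->m_pkthdr.rcvif could not be applied would be invisible to someone debugging ignored redirects, which is the symptom the log message describes. Suggest either taking the same reject path as the neighbouring checks or adding an nd6log() call before the goto, and noting in the comment why the label differs if that is intentional. Because this comparison is the check that the redirect came from the current gateway, the comment could also say that nh6.nh_addr is modified in place and is in embedded-scope form from this point on.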