icmp6_reflect() sends ICMPv6 message with new IPv6 header. So, it is
considered as originated by our host packet. And thus rcvif should be NULL, since it is used by ipfw(4) to determine that packet was originated from this host. Some of icmp6_reflect() consumers reuse mbuf and m_pkthdr without resetting rcvif pointer. To avoid this always reset m_pkthdr.rcvif pointer to NULL in icmp6_reflect(). Also remove such line and comment describing this from icmp6_error(), since it does not longer matters. PR: 227674 Reported by: eugen MFC after: 1 week
This commit is contained in:
Andrey V. Elsukov
parent
eb69ed7f87
commit
849eeaa592
@ -383,15 +383,6 @@ icmp6_error(struct mbuf *m, int type, int code, int param)
|
||||
icmp6->icmp6_code = code;
|
||||
icmp6->icmp6_pptr = htonl((u_int32_t)param);
|
||||
|
||||
/*
|
||||
* icmp6_reflect() is designed to be in the input path.
|
||||
* icmp6_error() can be called from both input and output path,
|
||||
* and if we are in output path rcvif could contain bogus value.
|
||||
* clear m->m_pkthdr.rcvif for safety, we should have enough scope
|
||||
* information in ip header (nip6).
|
||||
*/
|
||||
m->m_pkthdr.rcvif = NULL;
|
||||
|
||||
ICMP6STAT_INC(icp6s_outhist[type]);
|
||||
icmp6_reflect(m, sizeof(struct ip6_hdr)); /* header order: IPv6 - ICMPv6 */
|
||||
|
||||
@ -2183,7 +2174,7 @@ icmp6_reflect(struct mbuf *m, size_t off)
|
||||
*/
|
||||
|
||||
m->m_flags &= ~(M_BCAST|M_MCAST);
|
||||
|
||||
m->m_pkthdr.rcvif = NULL;
|
||||
ip6_output(m, NULL, NULL, 0, NULL, &outif, NULL);
|
||||
if (outif)
|
||||
icmp6_ifoutstat_inc(outif, type, code);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user