mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
pf tests: test IPv6 fragmentation with link-local addresses
We've observed a panic after pf_refragment6() with link-local addresses, because pf_refragment6() calls ip6_forward() even for a simple output case. That results in us entering ip6_forward() with an mbuf with a NULL m->m_pkthdr.rcvif, which can cause a NULL deref (but seemingly not for GUAs. Test sending fragmented link-local packets to pf. MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D39063
This commit is contained in:
parent
80e76c61cc
commit
225e85513f
|
@ -103,6 +103,10 @@ v6_body()
|
|||
jexec singsing ifconfig ${epair_link}b inet6 -ifdisabled
|
||||
ifconfig ${epair_send}a inet6 -ifdisabled
|
||||
|
||||
ifconfig ${epair_send}a
|
||||
jexec alcatraz ifconfig ${epair_send}b
|
||||
lladdr=$(jexec alcatraz ifconfig ${epair_send}b | awk '/ scopeid / { print($2); }' | cut -f 1 -d %)
|
||||
|
||||
jexec alcatraz pfctl -e
|
||||
pft_set_rules alcatraz \
|
||||
"scrub fragment reassemble" \
|
||||
|
@ -120,6 +124,12 @@ v6_body()
|
|||
atf_check -s exit:0 -o ignore\
|
||||
ping -6 -c 1 -b 70000 -s 65000 2001:db8:42::2
|
||||
|
||||
# Force an NDP lookup
|
||||
ping -6 -c 1 ${lladdr}%${epair_send}a
|
||||
|
||||
atf_check -s exit:0 -o ignore\
|
||||
ping -6 -c 1 -b 70000 -s 65000 ${lladdr}%${epair_send}a
|
||||
|
||||
# Forwarding test
|
||||
atf_check -s exit:0 -o ignore \
|
||||
ping -6 -c 1 2001:db8:43::3
|
||||
|
|
Loading…
Reference in a new issue