pf tests: test IPv6 fragmentation with link-local addresses
We've observed a panic after pf_refragment6() with link-local addresses,
because pf_refragment6() calls ip6_forward() even for a simple output
case.
That results in us entering ip6_forward() with an mbuf with a NULL
m->m_pkthdr.rcvif, which can cause a NULL deref (but seemingly not for
GUAs.
Test sending fragmented link-local packets to pf.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39063
(cherry picked from commit 225e85513f
)
This commit is contained in:
parent
17fe4735f5
commit
87b8226c7b
|
@ -102,6 +102,10 @@ v6_body()
|
|||
jexec singsing ifconfig ${epair_link}b inet6 -ifdisabled
|
||||
ifconfig ${epair_send}a inet6 -ifdisabled
|
||||
|
||||
ifconfig ${epair_send}a
|
||||
jexec alcatraz ifconfig ${epair_send}b
|
||||
lladdr=$(jexec alcatraz ifconfig ${epair_send}b | awk '/ scopeid / { print($2); }' | cut -f 1 -d %)
|
||||
|
||||
jexec alcatraz pfctl -e
|
||||
pft_set_rules alcatraz \
|
||||
"scrub fragment reassemble" \
|
||||
|
@ -120,6 +124,12 @@ v6_body()
|
|||
atf_check -s exit:0 -o ignore\
|
||||
ping -6 -c 1 -b 70000 -s 65000 2001:db8:42::2
|
||||
|
||||
# Force an NDP lookup
|
||||
ping -6 -c 1 ${lladdr}%${epair_send}a
|
||||
|
||||
atf_check -s exit:0 -o ignore\
|
||||
ping -6 -c 1 -b 70000 -s 65000 ${lladdr}%${epair_send}a
|
||||
|
||||
# Forwarding test
|
||||
atf_check -s exit:0 -o ignore \
|
||||
ping -6 -c 1 2001:db8:43::3
|
||||
|
|
Loading…
Reference in New Issue