Module Name: src Committed By: roy Date: Wed Apr 22 19:32:11 UTC 2020
Modified Files: src/sys/netinet6: nd6_nbr.c Log Message: inet6: nd6_na_input() now considers ln_state <= ND6_LLINFO_INCOMPLETE Otherwise if ln_state != ND6_LLINFO_INCOMPLETE and the is no lladdr and this message was solicited then ln_state is set to ND6_LLINFO_REACHABLE which could then cause a panic in nd6_resolve(). If ln_state > ND6_LLINFO_INCOMPLETE then it's assumed we have a lladdr. Potentially this could have been triggered by the introduction of ND6_LLINFO_PURGE in nd6.c r1.143 but also by the re-introduction of ND6_LLINFO_INCOMPLETE in nd6.c r1.263. Depending on the timing, it's technically possible to receive such a message after the llentry is created with ND6_LLINFO_NOSTATE. To generate a diff of this commit: cvs rdiff -u -r1.177 -r1.178 src/sys/netinet6/nd6_nbr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet6/nd6_nbr.c diff -u src/sys/netinet6/nd6_nbr.c:1.177 src/sys/netinet6/nd6_nbr.c:1.178 --- src/sys/netinet6/nd6_nbr.c:1.177 Mon Mar 9 21:20:56 2020 +++ src/sys/netinet6/nd6_nbr.c Wed Apr 22 19:32:11 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6_nbr.c,v 1.177 2020/03/09 21:20:56 roy Exp $ */ +/* $NetBSD: nd6_nbr.c,v 1.178 2020/04/22 19:32:11 roy Exp $ */ /* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */ /* @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.177 2020/03/09 21:20:56 roy Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.178 2020/04/22 19:32:11 roy Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -735,7 +735,7 @@ nd6_na_input(struct mbuf *m, int off, in goto freeit; rt_cmd = 0; - if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { + if (ln->ln_state <= ND6_LLINFO_INCOMPLETE) { /* * If the link-layer has address, and no lladdr option came, * discard the packet.