Module Name: src
Committed By: roy
Date: Wed Apr 22 19:32:11 UTC 2020
Modified Files:
src/sys/netinet6: nd6_nbr.c
Log Message:
inet6: nd6_na_input() now considers ln_state <= ND6_LLINFO_INCOMPLETE
Otherwise if ln_state != ND6_LLINFO_INCOMPLETE and the is no lladdr
and this message was solicited then ln_state is set to ND6_LLINFO_REACHABLE
which could then cause a panic in nd6_resolve().
If ln_state > ND6_LLINFO_INCOMPLETE then it's assumed we have a lladdr.
Potentially this could have been triggered by the introduction of
ND6_LLINFO_PURGE in nd6.c r1.143 but also by the re-introduction of
ND6_LLINFO_INCOMPLETE in nd6.c r1.263.
Depending on the timing, it's technically possible to receive such
a message after the llentry is created with ND6_LLINFO_NOSTATE.
To generate a diff of this commit:
cvs rdiff -u -r1.177 -r1.178 src/sys/netinet6/nd6_nbr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/nd6_nbr.c
diff -u src/sys/netinet6/nd6_nbr.c:1.177 src/sys/netinet6/nd6_nbr.c:1.178
--- src/sys/netinet6/nd6_nbr.c:1.177 Mon Mar 9 21:20:56 2020
+++ src/sys/netinet6/nd6_nbr.c Wed Apr 22 19:32:11 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: nd6_nbr.c,v 1.177 2020/03/09 21:20:56 roy Exp $ */
+/* $NetBSD: nd6_nbr.c,v 1.178 2020/04/22 19:32:11 roy Exp $ */
/* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.177 2020/03/09 21:20:56 roy Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.178 2020/04/22 19:32:11 roy Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -735,7 +735,7 @@ nd6_na_input(struct mbuf *m, int off, in
goto freeit;
rt_cmd = 0;
- if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
+ if (ln->ln_state <= ND6_LLINFO_INCOMPLETE) {
/*
* If the link-layer has address, and no lladdr option came,
* discard the packet.
