Date: Fri, 13 Mar 2026 11:41:31 +0000 From: Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 75f1665f3346 - main - ndp: Fix free after use and exclude delayed proxy Message-ID: <69b3f7eb.1e0a8.4bd61a06@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by pouria: URL: https://cgit.FreeBSD.org/src/commit/?id=75f1665f33463e9ee0aaa63af0a875e6c46f8755 commit 75f1665f33463e9ee0aaa63af0a875e6c46f8755 Author: Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org> AuthorDate: 2026-03-13 11:36:04 +0000 Commit: Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org> CommitDate: 2026-03-13 11:36:04 +0000 ndp: Fix free after use and exclude delayed proxy PR: 293777 Fixes: f37fbe30f559 ("ndp: implement delayed ...") --- sys/netinet6/nd6_nbr.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c index 0a34e0e3628e..25786ebc0ea1 100644 --- a/sys/netinet6/nd6_nbr.c +++ b/sys/netinet6/nd6_nbr.c @@ -361,7 +361,7 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len) * be delayed by a random time between 0 and MAX_ANYCAST_DELAY_TIME * to reduce the probability of network congestion. */ - if (anycast == 0 && proxy == 0) + if (anycast == 0) nd6_na_output_fib(ifp, &saddr6, &taddr6, rflag, tlladdr, proxy ? (struct sockaddr *)&proxydl : NULL, M_GETFIB(m)); else @@ -1652,16 +1652,16 @@ static void nd6_queue_rel(void *arg) { struct nd_queue *ndq = arg; - struct ifnet *ifp = ndq->ndq_ifa->ifa_ifp; - - IF_ADDR_WLOCK_ASSERT(ifp); + struct ifaddr *ifa = ndq->ndq_ifa; - /* Remove ndq from the nd_queue and release its reference */ - TAILQ_REMOVE(&ifp->if_inet6->nd_queue, ndq, ndq_list); - IF_ADDR_WUNLOCK(ifp); + IF_ADDR_WLOCK_ASSERT(ifa->ifa_ifp); - ifa_free(ndq->ndq_ifa); + /* Remove ndq from the nd_queue and free it */ + TAILQ_REMOVE(&ifa->ifa_ifp->if_inet6->nd_queue, ndq, ndq_list); free(ndq, M_IP6NDP); + IF_ADDR_WUNLOCK(ifa->ifa_ifp); + + ifa_free(ifa); } static void @@ -1671,6 +1671,7 @@ nd6_queue_timer(void *arg) struct ifaddr *ifa = ndq->ndq_ifa; struct ifnet *ifp = ifa->ifa_ifp; struct in6_ifextra *ext = ifp->if_inet6; + struct in6_addr daddr; struct epoch_tracker et; int delay, tlladdr; u_long flags; @@ -1680,6 +1681,7 @@ nd6_queue_timer(void *arg) CURVNET_SET(ifp->if_vnet); NET_EPOCH_ENTER(et); + daddr = ndq->ndq_daddr; tlladdr = ND6_NA_OPT_LLA; flags = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0; if ((ext->nd_flags & ND6_IFF_ACCEPT_RTADV) != 0 && V_ip6_norbit_raif) @@ -1713,8 +1715,8 @@ nd6_queue_timer(void *arg) callout_reset(&ndq->ndq_callout, delay, nd6_queue_rel, ndq); IF_ADDR_WUNLOCK(ifp); - if (__predict_true(in6_setscope(&ndq->ndq_daddr, ifp, NULL) == 0)) - nd6_na_output_fib(ifp, &ndq->ndq_daddr, IFA_IN6(ifa), flags, tlladdr, + if (__predict_true(in6_setscope(&daddr, ifp, NULL) == 0)) + nd6_na_output_fib(ifp, &daddr, IFA_IN6(ifa), flags, tlladdr, NULL, ifp->if_fib); NET_EPOCH_EXIT(et);home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69b3f7eb.1e0a8.4bd61a06>