Date: Wed, 2 Oct 2019 17:04:23 -0400
From: Ryan Stone <rysto32@gmail.com>
To: freebsd-net <freebsd-net@freebsd.org>
Subject: IPv6: Invalid nd6 entry created for an RA without an lladdr
Message-ID: <CAFMmRNwntj7aKAPk1D-7%2BCvxRjtPTWX3J7qE0xkAbD=Y%2BdVbxw@mail.gmail.com>

At work, our product is being put through an IPv6 conformance test and it's found an issue in our handling of Routing Advertisements (RAs). If we receive an RA that does not specify an lladdr, then nd6_cache_lladdr() is called with lladdr NULL:

https://svnweb.freebsd.org/base/head/sys/netinet6/nd6.c?revision=347984&view=markup#l1961

In this case, the linkhdr cache is never initialized, but we still put the entry in the STALE state at line 2032. Because the entry is in the STALE state, nd6_resolve_slow() will happily return the uninitialized data to callers, causing us to send packets with a garbage link-layer header:

https://svnweb.freebsd.org/base/head/sys/netinet6/nd6.c?revision=347984&view=markup#l2410

I'm unsure what the standard says is the right behaviour in this situation and before I start digging through RFCs, I was wondering if anybody knew what the right thing to do is. I've played with not putting the nd6 entry into the STALE state if we don't have an lladdr, and while it seems to work I'm unsure if it's the right thing to do.

If people are curious, the RA-handling code that calls into nd6_cache_lladdr can be found here:

https://svnweb.freebsd.org/base/head/sys/netinet6/nd6_rtr.c?revision=348121&view=markup#l185
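A simplified model of the state transition described in the message above, as an added example that is not FreeBSD code and not part of the original post. The struct, the function names and the 8-byte header layout are hypothetical; the model only shows why marking an entry STALE without an lladdr lets a resolver hand out a header that was never built, and what the guard mentioned in the message changes.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Simplified model, not FreeBSD's struct llentry; every name is hypothetical. */
enum nd_state { ND_NOSTATE, ND_STALE };
struct nd_entry {
    enum nd_state state;
    bool          hdr_valid;   /* true only once a header was built */
    unsigned char linkhdr[8];  /* model header: destination MAC + ethertype */
};
typedef void (*cache_fn)(struct nd_entry *, const unsigned char *);
static const unsigned char SAMPLE_MAC[6] = {0x02, 0, 0, 0, 0, 0x01}; /* constructed */

static void build_hdr(struct nd_entry *e, const unsigned char *lladdr) {
    memcpy(e->linkhdr, lladdr, 6);
    e->linkhdr[6] = 0x86; e->linkhdr[7] = 0xdd;   /* IPv6 ethertype */
    e->hdr_valid = true;
}

/* Behaviour described in the message: STALE is set even when lladdr is NULL. */
static void cache_as_described(struct nd_entry *e, const unsigned char *lladdr) {
    if (lladdr != NULL)
        build_hdr(e, lladdr);
    e->state = ND_STALE;
}

/* The guard the message says was tried: without an lladdr, do not go STALE. */
static void cache_guarded(struct nd_entry *e, const unsigned char *lladdr) {
    if (lladdr != NULL)
        cache_as_described(e, lladdr);
}

/* Resolver of the model: a STALE entry's cached header goes to the caller. */
static const unsigned char *resolve(const struct nd_entry *e) {
    return e->state == ND_STALE ? e->linkhdr : NULL;
}

/* True when the resolver returns a header that was never built. */
static bool returns_unbuilt_hdr(cache_fn cache, const unsigned char *lladdr) {
    struct nd_entry e = { .state = ND_NOSTATE };  /* hdr_valid starts false */
    memset(e.linkhdr, 0xA5, sizeof(e.linkhdr));   /* stand-in for leftover memory */
    cache(&e, lladdr);
    return resolve(&e) != NULL && !e.hdr_valid;
}

int main(void) {
    printf("as described, no lladdr:   %d\n", returns_unbuilt_hdr(cache_as_described, NULL));
    printf("as described, with lladdr: %d\n", returns_unbuilt_hdr(cache_as_described, SAMPLE_MAC));
    printf("guarded, no lladdr:        %d\n", returns_unbuilt_hdr(cache_guarded, NULL));
}
```

In the guarded variant the entry stays in the model's ND_NOSTATE, so the resolver returns NULL and the caller has to resolve the address before sending.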