Author: vangyzen
Date: Mon Feb 19 15:54:26 2018
New Revision: 329581

  MFC r329053
  Fix ICMPv6 redirects
  icmp6_redirect_input() validates that a redirect packet came from the
  current gateway for the respective destination.  To do this, it compares
  the source address, which has an embedded scope zone id, to the next-hop
  address, which does not.  If the address is link-local, which should be
  the case, the comparison fails and the redirect is ignored.
  Insert the scope zone id into the next-hop address so the comparison
  is accurate.
  Unsurprisingly, this fixes 35 UNH IPv6 conformance test cases.
  Submitted by: Farrell Woods <> (initial revision)
  Reviewed by:  ae melifaro dab
  Relnotes:     yes
  Sponsored by: Dell EMC
  Differential Revision:

Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet6/icmp6.c
--- stable/11/sys/netinet6/icmp6.c      Mon Feb 19 15:49:27 2018        
+++ stable/11/sys/netinet6/icmp6.c      Mon Feb 19 15:54:26 2018        
@@ -2302,6 +2302,14 @@ icmp6_redirect_input(struct mbuf *m, int off)
                        goto bad;
+               /*
+                * Embed scope zone id into next hop address, since
+                * fib6_lookup_nh_basic() returns address without embedded
+                * scope zone id.
+                */
+               if (in6_setscope(&nh6.nh_addr, m->m_pkthdr.rcvif, NULL))
+                       goto freeit;
                if (IN6_ARE_ADDR_EQUAL(&src6, &nh6.nh_addr) == 0) {
                            "ICMP6 redirect rejected; "
_______________________________________________ mailing list
To unsubscribe, send any mail to ""

Reply via email to