On Mon, May 23, 2016 at 02:47:02PM +0200, Martin Pieuchot wrote:
> @@ -5506,6 +5506,7 @@ pf_route(struct mbuf **m, struct pf_rule
> int error = 0;
> unsigned int rtableid;
>
> +
> if (m == NULL || *m == NULL || r == NULL ||
> (dir != PF_IN && dir != PF_OUT) || oifp == NULL)
> panic("pf_route: invalid parameters");
No double empty line please.
> @@ -750,7 +750,15 @@ pf_refragment6(struct mbuf **m0, struct
> if (ifp == NULL) {
> ip6_forward(m, 0);
> } else if ((u_long)m->m_pkthdr.len <= ifp->if_mtu) {
> - nd6_output(ifp, m, dst, NULL);
> + struct rtentry *rt;
> + rt = rtalloc(sin6tosa(dst), RT_RESOLVE,
> + m->m_pkthdr.ph_rtableid);
Should we place the rtalloc() outside of the loop and use the same
route or all fragments?
> + if (rt == NULL) {
> + ip6stat.ip6s_noroute++;
m_freem(m) is missing, you leak a mbuf in this case.
> + } else {
> + nd6_output(ifp, m, dst, rt);
> + rtfree(rt);
> + }
> } else {
> icmp6_error(m, ICMP6_PACKET_TOO_BIG, 0,
> ifp->if_mtu);
> @@ -1507,20 +1507,15 @@ nd6_output(struct ifnet *ifp, struct mbu
> struct mbuf *m = m0;
> struct rtentry *rt = rt0;
> struct llinfo_nd6 *ln = NULL;
> - int created = 0, error = 0;
> + int error = 0;
>
> if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr))
> goto sendpkt;
No kassert rt0 != NULL in here in nd6_output() ?
>
> - /*
> - * next hop determination.
> - */
> - if (rt0 != NULL) {
> - error = rt_checkgate(rt0, &rt);
> - if (error) {
> - m_freem(m);
> - return (error);
> - }
> + error = rt_checkgate(rt0, &rt);
> + if (error) {
> + m_freem(m);
> + return (error);
> }
>
> if (nd6_need_cache(ifp) == 0)
