On Fri, Feb 12, 2021 at 01:20:01PM +0100, Alexander Bluhm wrote: > On Fri, Feb 12, 2021 at 01:11:24PM +0100, Claudio Jeker wrote: > > On Fri, Feb 12, 2021 at 12:03:49PM +0000, Ricardo Mestre wrote: > > > This was reported on CID 1501718, ifp starts as NULL and then might be > > > deref'ed. > > > > This code is strange, the scope for the IPv6 address needs to be pulled > > out of s (pf_state) somehow. Also is the state using embedded or > > not-embedded scope addresses? > > I was already discussung the issue with dlg@ > > We both think that the code is not necessary. The address comes > from pf configuration. pf does nor work correctly with IPv6 > link-local anyway. I think the only way to fix pf with link-local, > is to embed the scope for all addresses within pf. > > Current code is broken, embeding here cannot work, pf link-local > needs rework, remove code makes rework easier. > > ok?
I came to the same conclusion. I agree that this is currently unfixable and so removing this bit of code is correct. OK claudio@ > bluhm > > Index: net/pf.c > =================================================================== > RCS file: /data/mirror/openbsd/cvs/src/sys/net/pf.c,v > retrieving revision 1.1108 > diff -u -p -r1.1108 pf.c > --- net/pf.c 4 Feb 2021 00:55:41 -0000 1.1108 > +++ net/pf.c 12 Feb 2021 12:06:47 -0000 > @@ -6156,8 +6156,6 @@ pf_route6(struct pf_pdesc *pd, struct pf > dst->sin6_addr = s->rt_addr.v6; > rtableid = m0->m_pkthdr.ph_rtableid; > > - if (IN6_IS_SCOPE_EMBED(&dst->sin6_addr)) > - dst->sin6_addr.s6_addr16[1] = htons(ifp->if_index); > rt = rtalloc(sin6tosa(dst), RT_RESOLVE, rtableid); > if (!rtisvalid(rt)) { > if (s->rt != PF_DUPTO) { > -- :wq Claudio