opnsense-src/sys/netinet6
Hans Petter Selasky a55383e720
Fix panic in network stack due to use after free when receiving
partial fragmented packets before a network interface is detached.

When sending IPv4 or IPv6 fragmented packets and a fragment is lost
before the network device is freed, the mbuf making up the fragment
will remain in the temporary hashed fragment list and cause a panic
when it times out due to accessing a freed network interface
structure.


1) Make sure the m_pkthdr.rcvif always points to a valid network
interface. Else the rcvif field should be set to NULL.

2) Use the rcvif of the last received fragment as m_pkthdr.rcvif for
the fully defragged packet, instead of the first received fragment.

Panic backtrace for IPv6:

panic()
icmp6_reflect() # tries to access rcvif->if_afdata[AF_INET6]->xxx
icmp6_error()
frag6_freef()
frag6_slowtimo()
pfslowtimo()
softclock_call_cc()
softclock()
ithread_loop()

Reviewed by:	bz
Differential Revision:	https://reviews.freebsd.org/D19622
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2019-10-16 09:11:49 +00:00
dest6.c
frag6.c Fix panic in network stack due to use after free when receiving 2019-10-16 09:11:49 +00:00
icmp6.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
icmp6.h
in6.c in6ifa_llaonifp() is never called from fast path, so do not require 2019-10-14 15:33:53 +00:00
in6.h Convert all IPv4 and IPv6 multicast memberships into using a STAILQ 2019-06-25 11:54:41 +00:00
in6_cksum.c
in6_fib.c
in6_fib.h
in6_gif.c
in6_ifattach.c Don't cover in6_ifattach() with network epoch, as it may call into 2019-10-13 04:25:16 +00:00
in6_ifattach.h
in6_jail.c
in6_mcast.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
in6_pcb.c IPv6 cleanup: kernel 2019-08-02 07:41:36 +00:00
in6_pcb.h IPv6 cleanup: kernel 2019-08-02 07:41:36 +00:00
in6_pcbgroup.c
in6_proto.c frag6.c: move variables and sysctls into local file 2019-08-02 10:29:53 +00:00
in6_rmx.c
in6_rss.c
in6_rss.h
in6_src.c IPv6 cleanup: kernel 2019-08-02 07:41:36 +00:00
in6_var.h Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
ip6.h
ip6_ecn.h
ip6_fastfwd.c New pfil(9) KPI together with newborn pfil API and control utility. 2019-01-31 23:01:03 +00:00
ip6_forward.c Add a missing include of opt_sctp.h. 2019-10-12 22:58:33 +00:00
ip6_gre.c Add GRE-in-UDP encapsulation support as defined in RFC8086. 2019-04-24 09:05:45 +00:00
ip6_id.c ip6_randomflowlabel: Avoid blocking if random(4) is not available 2019-04-23 17:18:20 +00:00
ip6_input.c When processing an incoming IPv6 packet over the loopback interface which 2019-09-19 10:22:29 +00:00
ip6_mroute.c Plug some networking sysctl leaks. 2018-11-22 20:49:41 +00:00
ip6_mroute.h
ip6_output.c ip6_output() has a complex set of gotos, and some can jump out of 2019-10-09 17:02:28 +00:00
ip6_var.h frag6: move public structure into file local space. 2019-08-08 10:59:54 +00:00
ip6protosw.h
ip_fw_nat64.h Reapply r345274 with build fixes for 32-bit architectures. 2019-03-19 10:57:03 +00:00
ip_fw_nptv6.h Add ability to use dynamic external prefix in ipfw_nptv6 module. 2018-11-12 11:20:59 +00:00
mld6.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
mld6.h
mld6_var.h Fix refcounting leaks in IPv6 MLD code leading to loss of IPv6 2019-01-24 08:34:13 +00:00
nd6.c Don't cover in6_ifattach() with network epoch, as it may call into 2019-10-13 04:25:16 +00:00
nd6.h Update for IETF draft-ietf-6man-ipv6only-flag. 2019-03-07 23:03:39 +00:00
nd6_nbr.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
nd6_rtr.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
pim6.h
pim6_var.h
raw_ip6.c Revert changes to rip6_bind() from r353292. This function is always 2019-10-09 05:52:07 +00:00
raw_ip6.h
route6.c
scope6.c Mechanical cleanup of epoch(9) usage in network stack. 2019-01-09 01:11:19 +00:00
scope6_var.h
sctp6_usrreq.c Remove line not needed. 2019-10-13 09:35:03 +00:00
sctp6_var.h
send.c
send.h
tcp6_var.h
udp6_usrreq.c r348494 fixes a race in udp_output(). The same race exists in 2019-07-13 12:45:08 +00:00
udp6_var.h