NetBSD-Bugs archive


Re: bin/47311: rtadvd(8) crashes when RA arrives on a newly created interface



On Dec 11,  2:55pm, uwe%NetBSD.org@localhost (uwe%NetBSD.org@localhost) wrote:
-- Subject: bin/47311: rtadvd(8) crashes when RA arrives on a newly created i

| >Number:         47311
| >Category:       bin
| >Synopsis:       rtadvd(8) crashes when RA arrives on a newly created interface
| >Confidential:   no
| >Severity:       non-critical
| >Priority:       low
| >Responsible:    bin-bug-people
| >State:          open
| >Class:          sw-bug
| >Submitter-Id:   net
| >Arrival-Date:   Tue Dec 11 14:55:00 +0000 2012
| >Originator:     Valery Ushakov
| >Release:        NetBSD 6
| >Organization:
| >Environment:
| NetBSD amd64 6.0_STABLE NetBSD 6.0_STABLE (GENERIC) #0: Sun Nov 18 04:21:07 MSK 2012  uwe@amd64:/home/uwe/work/netbsd/cvs/src-release-6/sys/arch/amd64/compile/GENERIC amd64
| 
| >Description:
| When rtadvd(8) is up and running and a new interface is created behind
| its back it doesn't notice that.  When later an RA arrives on a new
| interface rtadvd(8) crashes at rtadvd.c:617 (line number as of rev. 1.38):
| 
|   if ((iflist[pi->ipi6_ifindex]->ifm_flags & IFF_UP) == 0) {
| 
| where pi->ipi6_ifindex names a new interface and it's out of bounds for 
| iflist[] array that was populated before the new interface was created.
| 
| >How-To-Repeat:
| I don't have a ready test case to reproduce it.  What I'm doing is I'm
| playing with lwIP stack using tap(4) bridge(4)'ed to the real ethernet.
| 
| The system has
| 
| rtadvd=YES
| rtadvd_flags="wm2"
| 
| in rc.conf(5) so rtadvd(8) is started at boot.  Later I create a tap
| interface bridged to wm1 and run lwIP on that tap.  When my lwIP app sends its
| first RA out on tap, rtadvd(8) crashes as described.
| 
| To reproduce this it's probably easiest to just create/open a tap and send
| canned ethernet frame with RA packet in it.


should make it handle RTM_IFANNOUNCE. The FreeBSD code does it; perhaps use
theirs?

christos
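
The two defences discussed in this thread, as an added example that is not code from rtadvd(8), NetBSD or FreeBSD: a bounds-checked lookup in place of the unchecked `iflist[pi->ipi6_ifindex]` access, and a table that grows when an interface arrival is announced. All `ex_`/`EX_` names, the index cap and the simplified record are assumptions standing in for the real structures and routing-socket constants.

```c
#include <stdlib.h>

#define EX_IFF_UP      0x1      /* stand-in for IFF_UP */
#define EX_MAX_IFINDEX 65536u   /* assumed sanity cap on interface indexes */
enum { EX_IFAN_ARRIVAL, EX_IFAN_DEPARTURE };  /* stand-ins for announce kinds */
struct ex_ifinfo { int flags; };              /* simplified per-interface record */

static struct ex_ifinfo **ex_iflist;  /* indexed by interface index */
static size_t ex_iflist_len;          /* number of slots currently allocated */

/* Grow the table so that ifindex is a valid slot; new slots start as NULL. */
static int ex_iflist_reserve(unsigned ifindex)
{
    if (ifindex < ex_iflist_len) return 0;
    if (ifindex >= EX_MAX_IFINDEX) return -1;
    size_t newlen = (size_t)ifindex + 1;
    struct ex_ifinfo **p = realloc(ex_iflist, newlen * sizeof(*p));
    if (p == NULL) return -1;
    for (size_t i = ex_iflist_len; i < newlen; i++) p[i] = NULL;
    ex_iflist = p;
    ex_iflist_len = newlen;
    return 0;
}

/* Model of reacting to an interface announcement (arrival or departure). */
static int ex_on_ifannounce(unsigned ifindex, int what, int flags)
{
    if (what == EX_IFAN_ARRIVAL) {
        if (ex_iflist_reserve(ifindex) != 0) return -1;
        if (ex_iflist[ifindex] == NULL &&
            (ex_iflist[ifindex] = calloc(1, sizeof(struct ex_ifinfo))) == NULL)
            return -1;
        ex_iflist[ifindex]->flags = flags;
    } else if (ifindex < ex_iflist_len) {
        free(ex_iflist[ifindex]);
        ex_iflist[ifindex] = NULL;
    }
    return 0;
}

/* Checked form of (iflist[ifindex]->ifm_flags & IFF_UP):
 * 1 = up, 0 = known but down, -1 = index not in the table (drop the packet). */
static int ex_if_is_up(unsigned ifindex)
{
    if (ifindex >= ex_iflist_len || ex_iflist[ifindex] == NULL)
        return -1;
    return (ex_iflist[ifindex]->flags & EX_IFF_UP) != 0;
}
```

The lookup check is needed even with announcement handling in place, since a packet can arrive on an interface before the daemon has processed its arrival message.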

