When receiving the following packet, ipfilter enters a loop in the frpr_ipv6hdr function, making the whole system unresponsive. More recent versions of FreeBSD (e.g. 8.x) seem to be affected as they are using the same version of ipfilter.

    # tcpdump -n -X -r AC_458632.pak
    reading from file AC_458632.pak, link-type EN10MB (Ethernet)
    01:00:00.000453 IP6 truncated-ip6 - 32724 bytes missing!:: > 80::: frag (0|32760) AH(spi=0x00000000,seq=0x33000000): HBH AH(spi=0x00000000,seq=0x0): HBH [|HBH]
        0x0000:  6000 0000 8000 2c00 0000 0000 0000 0000  `.....,.........
        0x0010:  0000 0000 0000 0000 0080 0000 0000 0000  ................
        0x0020:  0000 0000 0000 0000 3300 0004 0000 0000  ........3.......
        0x0030:  0000 0000 0000 0000 3300 0000 0000 0000  ........3.......
        0x0040:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0050:  0000 0000

The problem seems to have been corrected in ipfilter 4.1.31.

Fix: Install ipfilter v4.1.31.

How-To-Repeat:
enable ipfilter.
enable ipv6 and ipv6 forwarding.
send packet through filter.
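The report does not say why frpr_ipv6hdr fails to terminate on this packet, and the example below is not ipfilter's code or the 4.1.31 fix. It is an added, stand-alone C illustration of the defensive property a packet filter's IPv6 extension-header walk needs in order to be immune to this class of input: every step is bounded by the bytes actually captured, every header advances the offset by at least 8 bytes, and the number of headers is capped. It decodes the bytes from the tcpdump hex dump above (which tcpdump shows as Fragment, AH, Hop-by-Hop, AH, Hop-by-Hop, truncated Hop-by-Hop) and stops at the first malformed header, and it also runs over two constructed chains so the Hop-by-Hop placement rule and the header cap are exercised. The function and type names, the cap of 8 headers, and the constructed packets are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IPV6_HDR_LEN 40
#define MAX_EXT_HDRS 8        /* cap on the header walk; value chosen for this example */

enum { NH_HOPOPTS = 0, NH_TCP = 6, NH_ROUTING = 43, NH_FRAGMENT = 44,
       NH_AH = 51, NH_DSTOPTS = 60 };

enum ext_verdict { EXT_OK = 0, EXT_ERR_TRUNCATED, EXT_ERR_TOO_MANY,
                   EXT_ERR_HBH_NOT_FIRST, EXT_ERR_BAD_LEN, EXT_ERR_DUP_FRAG };

struct ext_walk {
    enum ext_verdict verdict;
    int nhdrs;            /* extension headers accepted before the walk stopped */
    uint8_t upper_proto;  /* Next Header value at which the walk stopped */
    size_t upper_off;     /* byte offset of the upper-layer header (meaningful when EXT_OK) */
};

static int is_ext_hdr(uint8_t nh)
{
    return nh == NH_HOPOPTS || nh == NH_ROUTING || nh == NH_FRAGMENT ||
           nh == NH_AH || nh == NH_DSTOPTS;
}

/* Walk the extension-header chain of the IPv6 packet pkt[0..len). Every step is
 * checked against the bytes present, advances by at least 8 bytes (the minimum
 * size of any extension header) and the header count is capped, so the loop
 * terminates for any input, including truncated or self-referencing chains. */
struct ext_walk walk_ipv6_ext_headers(const uint8_t *pkt, size_t len)
{
    struct ext_walk w = { EXT_OK, 0, 0, 0 };
    size_t off = IPV6_HDR_LEN;
    int seen_frag = 0;
    uint8_t nh;

    if (len < IPV6_HDR_LEN || (pkt[0] >> 4) != 6) {
        w.verdict = EXT_ERR_TRUNCATED;
        return w;
    }
    nh = pkt[6];                                  /* Next Header of the fixed header */

    while (is_ext_hdr(nh)) {
        size_t hlen = 0;
        if (w.nhdrs >= MAX_EXT_HDRS) { w.verdict = EXT_ERR_TOO_MANY; break; }
        if (off + 8 > len)           { w.verdict = EXT_ERR_TRUNCATED; break; }
        switch (nh) {
        case NH_HOPOPTS:   /* RFC 8200: Hop-by-Hop may only follow the fixed header directly */
            if (w.nhdrs != 0) w.verdict = EXT_ERR_HBH_NOT_FIRST;
            hlen = ((size_t)pkt[off + 1] + 1) * 8;
            break;
        case NH_ROUTING:
        case NH_DSTOPTS:   /* Hdr Ext Len is in 8-byte units, not counting the first 8 */
            hlen = ((size_t)pkt[off + 1] + 1) * 8;
            break;
        case NH_FRAGMENT:  /* fixed 8 bytes; a second Fragment header is rejected */
            if (seen_frag) w.verdict = EXT_ERR_DUP_FRAG;
            seen_frag = 1;
            hlen = 8;
            break;
        case NH_AH:        /* Payload Len is in 32-bit words minus 2; fixed AH fields need 12 bytes */
            hlen = ((size_t)pkt[off + 1] + 2) * 4;
            if (hlen < 12) w.verdict = EXT_ERR_BAD_LEN;
            break;
        }
        if (w.verdict != EXT_OK) break;
        if (off + hlen > len) { w.verdict = EXT_ERR_TRUNCATED; break; }
        nh = pkt[off];                            /* Next Header of this extension header */
        off += hlen;
        w.nhdrs++;
    }
    w.upper_proto = nh;
    w.upper_off = off;
    return w;
}

/* The 84 captured bytes from the report's tcpdump hex dump. */
static const uint8_t reported_pkt[] = {
    0x60,0x00,0x00,0x00, 0x80,0x00,0x2c,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x80,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x33,0x00,0x00,0x04, 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x33,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00
};

/* Constructed: IPv6 (src/dst left as ::) -> Hop-by-Hop (PadN) -> TCP; TCP bytes omitted. */
static const uint8_t good_pkt[48] = {
    0x60,0x00,0x00,0x00, 0x00,0x08,NH_HOPOPTS,0x40,
    [40] = NH_TCP, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00
};

/* Constructed: IPv6 -> Destination Options -> Hop-by-Hop (misplaced) -> TCP. */
static const uint8_t hbh_late_pkt[56] = {
    0x60,0x00,0x00,0x00, 0x00,0x10,NH_DSTOPTS,0x40,
    [40] = NH_HOPOPTS, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00,
    [48] = NH_TCP,     0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00
};

static uint8_t chain_buf[IPV6_HDR_LEN + 8 * 16];

/* Constructed: n back-to-back 8-byte Destination Options headers ending in TCP. */
struct ext_walk walk_dstopts_chain(int n)
{
    size_t len = IPV6_HDR_LEN + 8 * (size_t)n;
    int i;
    if (n < 1 || n > 16) { struct ext_walk w = { EXT_ERR_BAD_LEN, 0, 0, 0 }; return w; }
    memset(chain_buf, 0, sizeof chain_buf);
    chain_buf[0] = 0x60;
    chain_buf[6] = NH_DSTOPTS;
    for (i = 0; i < n; i++) {
        uint8_t *h = chain_buf + IPV6_HDR_LEN + 8 * i;
        h[0] = (i + 1 < n) ? NH_DSTOPTS : NH_TCP;
        h[1] = 0;             /* 8-byte header */
        h[2] = 1; h[3] = 4;   /* PadN option filling the remaining 6 bytes */
    }
    return walk_ipv6_ext_headers(chain_buf, len);
}

struct ext_walk walk_reported_packet(void) { return walk_ipv6_ext_headers(reported_pkt, sizeof reported_pkt); }
struct ext_walk walk_good_packet(void)     { return walk_ipv6_ext_headers(good_pkt, sizeof good_pkt); }
struct ext_walk walk_hbh_late_packet(void) { return walk_ipv6_ext_headers(hbh_late_pkt, sizeof hbh_late_pkt); }

int main(void)
{
    printf("reported packet: verdict %d after %d header(s)\n",
           walk_reported_packet().verdict, walk_reported_packet().nhdrs);
    printf("good packet:     verdict %d, upper proto %u\n",
           walk_good_packet().verdict, walk_good_packet().upper_proto);
    printf("misplaced HBH:   verdict %d\n", walk_hbh_late_packet().verdict);
    printf("9 dstopts hdrs:  verdict %d\n", walk_dstopts_chain(9).verdict);
    return 0;
}
```

On the reported bytes the walk accepts the Fragment header and then rejects the AH header that follows it, whose Payload Len of 0 yields an 8-byte header with no room for the sequence number; the walk ends after one header rather than continuing into the repeated AH and Hop-by-Hop headers. The two invariants that matter for the hang described in the report are that `hlen` can never be smaller than 8, so `off` strictly increases, and that the loop exits after `MAX_EXT_HDRS` iterations regardless of what the headers contain.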
Responsible Changed From-To: freebsd-bugs->freebsd-net Over to maintainer(s).
Responsible Changed From-To: freebsd-net->cy Mine.
Is this still an issue under FreeBSD 10.3 or 11.0 (ipfilter 5.1.2)?
Timeout.