upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pf: allow MLD LR to be sent without state

Browse source 
Change PF behavior to allow MLD Listener Report packets to be sent
without needing a previously created state by MLD Listener Query. It
wasn't working because: (1) you might not have a previous MLD Listener
Query and (2) the addresses of the Query and Report don't match.

ok mikeb@, sashan@

Approved by:	so
Security:	FreeBSD-SA-24:05.pf
Security:	CVE-2024-6640
MFC after:	1 day
Obtained From:	OpenBSD, rzalamena <rzalamena@openbsd.org>, 5c526dbdb0f2
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 1afe4da75d1d2acd33b25eea942af28aa41c82c2)
(cherry picked from commit 3382c691dc)
This commit is contained in:
Kristof Provost 2024-07-10 14:36:18 +02:00 committed by Franco Fichtner
parent ee1b7126a9
commit 9b2e3cf60b
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
sys/netpfil/pf/pf.c
View file

@ -1868,8 +1868,15 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
break;
case MLD_LISTENER_QUERY:
*icmp_dir = PF_IN;
case MLD_LISTENER_REPORT: {
/*
* Listener Report can be sent by clients
* without an associated Listener Query.
* In addition to that, when Report is sent as a
* reply to a Query its source and destination
* address are different.
*/
*icmp_dir = PF_IN;
*virtual_type = MLD_LISTENER_QUERY;
*virtual_id = 0;
break;