Dear, I'm facing some crash around manipulations of IPv6 address. I already found that the commit 275593 will fix my issue. However, after some code review, i see a possible race in the function nd6_na_input: https://svnweb.freebsd.org/base/head/sys/netinet6/nd6_nbr.c?annotate=279676#l750 =-=-=-=-=-=-=-=-=-= if (ifa && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) { ifa_free(ifa); nd6_dad_na_input(ifa); goto freeit; } =-=-=-=-=-=-=-=-=-= As you can see, the function drop its reference on the address and pass it to nd6_dad_na_input. It should be better to release the reference after the call. What about you? Regards -- Alexandre Martins STORMSHIELD
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:56 UTC