Versions Affected: All versions prior to FreeNAS 11.3-U2


Description

Pseudo header checksum calculations can be delayed until the IPv6 output routine or offloaded to the NIC.

When IPv6 extension headers are present, FreeBSD currently never offloads to the NIC. When passing the data to the functions doing the delayed checksum calculations, the contents of the extension headers were erroneously included as part of the checksum. As a result, upper-layer transport protocol checksums may be wrong for IPv6 packets, such as IPv6 fragments, or IPv6 packets with a Destination Options or Hop-by-Hop Options extension header.
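
The following added example (not FreeBSD or FreeNAS code) checks the transport checksum of a raw IPv6 packet the way a receiver does: it skips the extension header chain and sums the pseudo-header plus the upper-layer bytes only. All function names are hypothetical, the sample packets are constructed, and the "buggy" packet is a simplified model that assumes the sender's sum started at the first extension header; only Hop-by-Hop, Routing and Destination Options headers are walked, and fragments are not reassembled.

```python
import struct

# Extension headers whose length byte counts 8-octet units beyond the first 8 (RFC 8200).
EXT_HEADERS = {0, 43, 60}  # Hop-by-Hop, Routing, Destination Options

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), before inversion."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def upper_layer_offset(packet: bytes):
    """Walk the extension header chain; return (upper-layer protocol, offset)."""
    nxt, off = packet[6], 40
    while nxt in EXT_HEADERS:
        nxt, off = packet[off], off + (packet[off + 1] + 1) * 8
    return nxt, off

def pseudo_sum(packet: bytes, start: int, proto: int) -> int:
    """Sum the IPv6 pseudo-header (RFC 8200 section 8.1) plus all bytes from `start`."""
    body = packet[start:]
    pseudo = packet[8:40] + struct.pack("!I3xB", len(body), proto)
    return ones_sum(pseudo + body)

def checksum_ok(packet: bytes) -> bool:
    """True if the transport checksum verifies as a receiver would check it."""
    proto, off = upper_layer_offset(packet)
    return pseudo_sum(packet, off, proto) == 0xFFFF

def build_udp(include_ext_in_sum: bool) -> bytes:
    """Constructed sample: IPv6 + Destination Options + UDP, documentation addresses."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    dstopts = bytes([17, 0, 1, 4, 0, 0, 0, 0])   # next header = UDP, one PadN option
    data = b"hello"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(data), 0) + data
    ip6 = struct.pack("!IHBB", 6 << 28, len(dstopts) + len(udp), 60, 64) + src + dst
    pkt = bytearray(ip6 + dstopts + udp)
    start = 40 if include_ext_in_sum else 48      # 40 is the assumed model of the bug
    csum = ~pseudo_sum(bytes(pkt), start, 17) & 0xFFFF or 0xFFFF
    pkt[54:56] = struct.pack("!H", csum)          # UDP checksum field (48 + 6)
    return bytes(pkt)
```

Running `checksum_ok` over packets captured on the receiving side separates datagrams dropped for a bad checksum from other causes of loss on paths that use extension headers.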


Workaround

No workaround is available. Packets sent over IPv4 or IPv6 without any extension headers are unaffected.


Mitigation

  • Upgrade to FreeNAS 11.3-U2 or later.

Commit


Further information