DragonFlyBSD Kernel Audit
← dashboard
DF-0310

Non-atomic increment of global fragment ID (ip6_id): data race / predictable fragment IDs

Summary

ip6_id++(:753) non-atomic RMW no lock/crit/atomic. Multiple netisr CPUs race -> lost increments, duplicate IDs for unrelated flows, more predictable sequence. Weakens fragment ID as authenticator against off-path IPv6 fragment injection.