From: Kyle Evans
Date: Mon, 31 Aug 2020 11:06:10 -0500
Subject: Re: svn commit: r364982 - head/sys/netinet6
Cc: src-committers, svn-src-all, svn-src-head, Mira Ressel
List-Id: SVN commit messages for the src tree for head/-current

On Sun, Aug 30, 2020 at 8:45 PM Kyle Evans wrote:
>
> Author: kevans
> Date: Mon Aug 31 01:45:48 2020
> New Revision: 364982
> URL: https://svnweb.freebsd.org/changeset/base/364982
>
> Log:
> ipv6: quit dropping packets looping back on p2p interfaces
>
> To paraphrase the below-referenced PR:
>
> This logic originated in the KAME project, and was even controversial when
> it was enabled there by default in 2001. No such equivalent logic exists in
> the IPv4 stack, and it turns out that this leads to us dropping valid
> traffic when the "point to point" interface is actually a 1:many tun
> interface, e.g. with the wireguard userland stack.
>
> Even in the case of true point-to-point links, this logic only avoids
> transient looping of packets sent by misconfigured applications or
> attackers, which can be subverted by proper route configuration rather than
> hardcoded logic in the kernel to drop packets.
>
> In the review, melifaro goes on to note that the kernel can't fix it, so it
> perhaps shouldn't try to be 'smart' about it. Additionally, that TTL will
> still kick in even with incorrect route configuration.
>
> PR: 247718
> Reviewed by: melifaro, rgrimes
> MFC after: 1 week
> Differential Revision: https://reviews.freebsd.org/D25567
>

I should note that this was:

Submitted by: Mira Ressel

It was then put into review form by Lutz Donnerhacke to help guide the
patch into the correct hands.

Apologies for the omission-

Kyle Evans