From owner-svn-src-all@freebsd.org Thu May 28 07:26:19 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C181C328C8F; Thu, 28 May 2020 07:26:19 +0000 (UTC) (envelope-from melifaro@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49XfQ34mQRz43cg; Thu, 28 May 2020 07:26:19 +0000 (UTC) (envelope-from melifaro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9ECC922665; Thu, 28 May 2020 07:26:19 +0000 (UTC) (envelope-from melifaro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04S7QJR1043276; Thu, 28 May 2020 07:26:19 GMT (envelope-from melifaro@FreeBSD.org) Received: (from melifaro@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04S7QJg5043274; Thu, 28 May 2020 07:26:19 GMT (envelope-from melifaro@FreeBSD.org) Message-Id: <202005280726.04S7QJg5043274@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: melifaro set sender to melifaro@FreeBSD.org using -f From: "Alexander V. Chernikov" Date: Thu, 28 May 2020 07:26:19 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r361572 - in head/sys: netinet netinet6 X-SVN-Group: head X-SVN-Commit-Author: melifaro X-SVN-Commit-Paths: in head/sys: netinet netinet6 X-SVN-Commit-Revision: 361572 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2020 07:26:19 -0000 Author: melifaro Date: Thu May 28 07:26:18 2020 New Revision: 361572 URL: https://svnweb.freebsd.org/changeset/base/361572 Log: Switch gif(4) path verification to fib[46]_check_urfp(). fibX_lookup_nh_ represents pre-epoch generation of fib api, providing less guarantees over pointer validness and requiring on-stack data copying. Use specialized fib[46]_check_urpf() from newer KPI instead, to allow removal of older KPI. Reviewed by: ae Differential Revision: https://reviews.freebsd.org/D24978 Modified: head/sys/netinet/in_gif.c head/sys/netinet6/in6_gif.c Modified: head/sys/netinet/in_gif.c ============================================================================== --- head/sys/netinet/in_gif.c Thu May 28 07:23:27 2020 (r361571) +++ head/sys/netinet/in_gif.c Thu May 28 07:26:18 2020 (r361572) @@ -379,13 +379,8 @@ done: return (0); /* ingress filters on outer source */ if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) { - struct nhop4_basic nh4; - struct in_addr dst; - - dst = ip->ip_src; - if (fib4_lookup_nh_basic(sc->gif_fibnum, dst, 0, 0, &nh4) != 0) - return (0); - if (nh4.nh_ifp != m->m_pkthdr.rcvif) + if (fib4_check_urpf(sc->gif_fibnum, ip->ip_src, 0, NHR_NONE, + m->m_pkthdr.rcvif) == 0) return (0); } *arg = sc; Modified: head/sys/netinet6/in6_gif.c ============================================================================== --- head/sys/netinet6/in6_gif.c Thu May 28 07:23:27 2020 (r361571) +++ head/sys/netinet6/in6_gif.c Thu May 28 07:26:18 2020 (r361572) @@ -402,13 +402,9 @@ done: return (0); /* ingress filters on outer source */ if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) { - struct nhop6_basic nh6; - - if (fib6_lookup_nh_basic(sc->gif_fibnum, &ip6->ip6_src, - ntohs(in6_getscope(&ip6->ip6_src)), 0, 0, &nh6) != 0) - return (0); - - if (nh6.nh_ifp != m->m_pkthdr.rcvif) + if (fib6_check_urpf(sc->gif_fibnum, &ip6->ip6_src, + ntohs(in6_getscope(&ip6->ip6_src)), NHR_NONE, + m->m_pkthdr.rcvif) == 0) return (0); } *arg = sc;