From: "Rodney W. Grimes"
Message-Id: <202105190104.14J14Rh6001047@gndrsh.dnsmgr.net>
Subject: Re: git: 3d846e48227e - main - Do not forward datagrams originated by link-local addresses
To: Joe Clarke
Date: Tue, 18 May 2021 18:04:27 -0700 (PDT)
CC: Lutz Donnerhacke, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Reply-To: rgrimes@freebsd.org

> Just out of curiosity, why remove the RFC reference from the comment? Seems useful for those that want to know why this is a good practice.

RFCs are not immutable and more often than not an RFC comment is outdated in the src. As an example, network "10/8", original RFC 1627, obsoleted by 1918, but the IETF tracker doesn't tell you that this was covered in RFC5735, obsoleted by 6890, updated by 8190 (the 169.254.0.0/16 block is covered in 6890 with no changes to that part by 8190....) SOOOO.. RFC references are very hard to keep up to date and correct.

> > Joe > > PGP Key : https://www.marcuscom.com/pgp.asc > > > On May 18, 2021, at 17:01, Lutz Donnerhacke wrote: > > > > ?The branch main has been updated by donner: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=3d846e48227e2e78c1e7b35145f57353ffda56ba > > > > commit 3d846e48227e2e78c1e7b35145f57353ffda56ba > > Author: Zhenlei Huang > > AuthorDate: 2021-05-18 20:51:37 +0000 > > Commit: Lutz Donnerhacke > > CommitDate: 2021-05-18 20:59:46 +0000 > > > > Do not forward datagrams originated by link-local addresses > > > > The current implement of ip_input() reject packets destined for > > 169.254.0.0/16, but not those original from 169.254.0.0/16 link-local > > addresses. > > > > Fix to fully respect RFC 3927 section 2.7. > > > > PR: 255388 > > Reviewed by: donner, rgrimes, karels > > MFC after: 1 month > > Differential Revision: https://reviews.freebsd.org/D29968 > > --- > > sys/netinet/ip_input.c | 16 +++++++++------- > > 1 file changed, 9 insertions(+), 7 deletions(-) > > > > diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c > > index 43d375c2385f..1139e3a5abfa 100644 > > --- a/sys/netinet/ip_input.c > > +++ b/sys/netinet/ip_input.c > > @@ -738,15 +738,10 @@ passin: > > } > > ia = NULL; > > } > > - /* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */ > > - if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) { > > - IPSTAT_INC(ips_cantforward); > > - m_freem(m); > > - return; > > - } > > if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { > > MROUTER_RLOCK(); > > - if (V_ip_mrouter) { > > + /* Do not forward packets from IN_LINKLOCAL. */ > > + if (V_ip_mrouter && !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) { > > /* > > * If we are acting as a multicast router, all > > * incoming multicast packets are passed to the 
> > @@ -785,6 +780,13 @@ passin: > > goto ours; > > if (ip->ip_dst.s_addr == INADDR_ANY) > > goto ours; > > + /* Do not forward packets to or from IN_LINKLOCAL. */ > > + if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr)) || > > + IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) { > > + IPSTAT_INC(ips_cantforward); > > + m_freem(m); > > + return; > > + } > > > > /* > > * Not for us; forward if possible and desirable. > > _______________________________________________ > > dev-commits-src-all@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all > > To unsubscribe, send any mail to "dev-commits-src-all-unsubscribe@freebsd.org" > > > -- Rod Grimes rgrimes@freebsd.org
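
Review bot: In the first hunk (@@ -738), the added !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr)) test makes a multicast datagram with a link-local source skip the V_ip_mrouter block without incrementing ips_cantforward, while the unicast path in the second hunk counts the same refusal with IPSTAT_INC(ips_cantforward). Either count it here as well, or extend the one-line comment to say that the datagram is deliberately left uncounted and what happens to it once the block is skipped, since the visible context does not show that.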
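
Review bot: In the second hunk (@@ -785), the new comment "Do not forward packets to or from IN_LINKLOCAL." drops the rationale the removed comment carried ("RFC 3927 2.7"), although the commit message still cites that section. Suggest stating the reason in words, for example that 169.254.0.0/16 addresses are only meaningful on the local link, so the comment stays useful whether or not an RFC number is kept. The check also sits after the goto ours tests and frees the mbuf unconditionally, so it is worth confirming that those tests cover every locally delivered case before anything with a link-local source or destination reaches m_freem(m).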