Date: Tue, 18 May 2021 21:57:14 -0400
From: Joe Clarke <jclarke@marcuscom.com>
To: rgrimes@freebsd.org
Cc: Lutz Donnerhacke <donner@freebsd.org>, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: 3d846e48227e - main - Do not forward datagrams originated by link-local addresses
Message-ID: <79D18D6B-EDD7-4FB4-B3C6-7755A3B9F5F3@marcuscom.com>
In-Reply-To: <202105190104.14J14Rh6001047@gndrsh.dnsmgr.net>
References: <202105190104.14J14Rh6001047@gndrsh.dnsmgr.net>
To be fair, an obsolete RFC can be followed to the current document. Having an anchor, even one that is obsolete, has value as a reference.

Joe

PGP Key : https://www.marcuscom.com/pgp.asc

> On May 18, 2021, at 21:04, Rodney W. Grimes <freebsd@gndrsh.dnsmgr.net> wrote:
>
>>
>> Just out of curiosity, why remove the RFC reference from the comment? Seems useful for those that want to know why this is a good practice.
>
> RFCs are not immutable and more often than not an RFC comment
> is outdated in the src.
>
> As an example, network "10/8", original RFC 1627, obsoleted by 1918,
> but the IETF tracker doesn't tell you that this was covered
> in RFC5735, obsoleted by 6890, updated by 8190
> (the 169.254.0.0/16 block is covered in 6890 with no changes to that
> part by 8190....)
>
> SOOOO.. RFC references are very hard to keep up to date and correct.
>
>>
>> Joe
>>
>> PGP Key : https://www.marcuscom.com/pgp.asc
>>
>>>> On May 18, 2021, at 17:01, Lutz Donnerhacke <donner@freebsd.org> wrote:
>>>
>>> The branch main has been updated by donner:
>>>
>>> URL: https://cgit.FreeBSD.org/src/commit/?id=3d846e48227e2e78c1e7b35145f57353ffda56ba
>>>
>>> commit 3d846e48227e2e78c1e7b35145f57353ffda56ba
>>> Author: Zhenlei Huang <zlei.huang@gmail.com>
>>> AuthorDate: 2021-05-18 20:51:37 +0000
>>> Commit: Lutz Donnerhacke <donner@FreeBSD.org>
>>> CommitDate: 2021-05-18 20:59:46 +0000
>>>
>>>     Do not forward datagrams originated by link-local addresses
>>>
>>>     The current implementation of ip_input() rejects packets destined for
>>>     169.254.0.0/16, but not those originating from 169.254.0.0/16 link-local
>>>     addresses.
>>>
>>>     Fix to fully respect RFC 3927 section 2.7.
>>>
>>>     PR: 255388
>>>     Reviewed by: donner, rgrimes, karels
>>>     MFC after: 1 month
>>>     Differential Revision: https://reviews.freebsd.org/D29968
>>> ---
>>> sys/netinet/ip_input.c | 16 +++++++++-------
>>> 1 file changed, 9 insertions(+), 7 deletions(-)
>>>
>>> diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c >>> index 43d375c2385f..1139e3a5abfa 100644 >>> --- a/sys/netinet/ip_input.c >>> +++ b/sys/netinet/ip_input.c >>> @@ -738,15 +738,10 @@ passin: >>> } >>> ia =3D NULL; >>> } >>> - /* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */ >>> - if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) { >>> - IPSTAT_INC(ips_cantforward); >>> - m_freem(m); >>> - return; >>> - } >>> if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { >>> MROUTER_RLOCK(); >>> - if (V_ip_mrouter) { >>> + /* Do not forward packets from IN_LINKLOCAL. */ >>> + if (V_ip_mrouter && !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) { >>> /* >>> * If we are acting as a multicast router, all >>> * incoming multicast packets are passed to the >>> @@ -785,6 +780,13 @@ passin: >>> goto ours; >>> if (ip->ip_dst.s_addr =3D=3D INADDR_ANY) >>> goto ours; >>> + /* Do not forward packets to or from IN_LINKLOCAL. */ >>> + if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr)) || >>> + IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) { >>> + IPSTAT_INC(ips_cantforward); >>> + m_freem(m); >>> + return; >>> + } >>>=20 >>> /* >>> * Not for us; forward if possible and desirable. >>> _______________________________________________ >>> dev-commits-src-all@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all >>> To unsubscribe, send any mail to "dev-commits-src-all-unsubscribe@freebs= d.org" >>=20 >>=20 >>=20 >=20 > --=20 > Rod Grimes rgrimes@freebsd= .org > _______________________________________________ > dev-commits-src-all@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all > To unsubscribe, send any mail to "dev-commits-src-all-unsubscribe@freebsd.= org"
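Review bot: In the first hunk (@@ -738,15 +738,10), the replacement comment "Do not forward packets from IN_LINKLOCAL." loses the rationale the removed comment carried ("RFC 3927 2.7"), while the commit message still names that section as the reason for the change. Keep a short why on the "V_ip_mrouter && !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))" test, whether as a section pointer or as a plain statement that 169.254.0.0/16 is link-scoped. Separately, folding the source test into the mrouter condition means a multicast packet with a link-local source just skips the forwarding block; nothing in the visible lines increments ips_cantforward for it, unlike the unicast drop in the second hunk, so consider counting it there too so the suppressed forwards show up in the statistics.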
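Review bot: In the second hunk (@@ -785,6 +780,13), the combined destination/source IN_LINKLOCAL check now sits after the "goto ours" tests and directly above "Not for us; forward if possible and desirable.", so it only applies to packets that would otherwise be forwarded; the comment "Do not forward packets to or from IN_LINKLOCAL." does not say that this ordering is deliberate. A sentence noting that local delivery has already been decided above would keep a later reordering from turning this into a drop of link-local traffic addressed to the host itself. The check also runs before the visible lines consult any forwarding setting, so a non-forwarding host will count these packets in ips_cantforward as well; confirm that is the intended accounting.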
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?79D18D6B-EDD7-4FB4-B3C6-7755A3B9F5F3>