From owner-dev-commits-src-all@freebsd.org  Wed May 19 01:57:21 2021
Return-Path: <owner-dev-commits-src-all@freebsd.org>
Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id D691C634AD0;
 Wed, 19 May 2021 01:57:21 +0000 (UTC)
 (envelope-from jclarke@marcuscom.com)
Received: from creme-brulee.marcuscom.com (creme-brulee.marcuscom.com
 [IPv6:2607:fc50:1:f300::2])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "*.marcuscom.com", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4FlGG95bsTz3l5y;
 Wed, 19 May 2021 01:57:21 +0000 (UTC)
 (envelope-from jclarke@marcuscom.com)
Received: from smtpclient.apple ([IPv6:2600:1700:b00:b239:9484:26f7:8d5:dda3])
 (authenticated bits=0)
 by creme-brulee.marcuscom.com (8.16.1/8.16.1) with ESMTPSA id 14J1vJYP000896
 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO);
 Tue, 18 May 2021 21:57:19 -0400 (EDT)
 (envelope-from jclarke@marcuscom.com)
X-Authentication-Warning: creme-brulee.marcuscom.com: Host
 [IPv6:2600:1700:b00:b239:9484:26f7:8d5:dda3] claimed to be smtpclient.apple
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: Joe Clarke <jclarke@marcuscom.com>
Mime-Version: 1.0 (1.0)
Subject: Re: git: 3d846e48227e - main - Do not forward datagrams originated by
 link-local addresses
Date: Tue, 18 May 2021 21:57:14 -0400
Message-Id: <79D18D6B-EDD7-4FB4-B3C6-7755A3B9F5F3@marcuscom.com>
References: <202105190104.14J14Rh6001047@gndrsh.dnsmgr.net>
Cc: Lutz Donnerhacke <donner@freebsd.org>, src-committers@freebsd.org,
 dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
In-Reply-To: <202105190104.14J14Rh6001047@gndrsh.dnsmgr.net>
To: rgrimes@freebsd.org
X-Mailer: iPhone Mail (18E212)
X-Spam-Status: No, score=2.5 required=5.0 tests=RDNS_NONE autolearn=disabled
 version=3.4.5
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on
 creme-brulee.marcuscom.com
X-Rspamd-Queue-Id: 4FlGG95bsTz3l5y
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-4.00 / 15.00];
	 REPLY(-4.00)[]
X-BeenThere: dev-commits-src-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the src repository
 <dev-commits-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-all/>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Help: <mailto:dev-commits-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 May 2021 01:57:21 -0000

To be fair, an obsolete RFC can be followed to the current document.  Having=
 an anchor, even one that is obsolete, has value as a reference.

Joe

PGP Key : https://www.marcuscom.com/pgp.asc

> On May 18, 2021, at 21:04, Rodney W. Grimes <freebsd@gndrsh.dnsmgr.net> wr=
ote:
>=20
> =EF=BB=BF
>>=20
>> Just out of curiosity, why remove the RFC reference from the comment?  Se=
ems useful for those that want to know why this is a good practice.
>=20
> RFC's are not immutable and more often that not an RFC comment
> is out dated in the src.
>=20
> As an example, network "10/8", original RFC 1627, obsoleted by 1918,
> but the ietf tracker doesnt tell you that this was covered
> in RFC5735, obsoleted by 6890, updated by 8190
> (the 169.254.0.0/16 block is covered in 6890 with no changes to that
> part by 8190....)
>=20
> SOOOO.. RFC references are very hard to keep upto date and correct.
>=20
>>=20
>> Joe
>>=20
>> PGP Key : https://www.marcuscom.com/pgp.asc
>>=20
>>>> On May 18, 2021, at 17:01, Lutz Donnerhacke <donner@freebsd.org> wrote:=

>>>=20
>>> ?The branch main has been updated by donner:
>>>=20
>>> URL: https://cgit.FreeBSD.org/src/commit/?id=3D3d846e48227e2e78c1e7b3514=
5f57353ffda56ba
>>>=20
>>> commit 3d846e48227e2e78c1e7b35145f57353ffda56ba
>>> Author:     Zhenlei Huang <zlei.huang@gmail.com>
>>> AuthorDate: 2021-05-18 20:51:37 +0000
>>> Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
>>> CommitDate: 2021-05-18 20:59:46 +0000
>>>=20
>>>   Do not forward datagrams originated by link-local addresses
>>>=20
>>>   The current implement of ip_input() reject packets destined for
>>>   169.254.0.0/16, but not those original from 169.254.0.0/16 link-local
>>>   addresses.
>>>=20
>>>   Fix to fully respect RFC 3927 section 2.7.
>>>=20
>>>   PR:             255388
>>>   Reviewed by:    donner, rgrimes, karels
>>>   MFC after:      1 month
>>>   Differential Revision:  https://reviews.freebsd.org/D29968
>>> ---
>>> sys/netinet/ip_input.c | 16 +++++++++-------
>>> 1 file changed, 9 insertions(+), 7 deletions(-)
>>>=20
>>> diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
>>> index 43d375c2385f..1139e3a5abfa 100644
>>> --- a/sys/netinet/ip_input.c
>>> +++ b/sys/netinet/ip_input.c
>>> @@ -738,15 +738,10 @@ passin:
>>>       }
>>>       ia =3D NULL;
>>>   }
>>> -    /* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */
>>> -    if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) {
>>> -        IPSTAT_INC(ips_cantforward);
>>> -        m_freem(m);
>>> -        return;
>>> -    }
>>>   if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
>>>       MROUTER_RLOCK();
>>> -        if (V_ip_mrouter) {
>>> +        /* Do not forward packets from IN_LINKLOCAL. */
>>> +        if (V_ip_mrouter && !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) {
>>>           /*
>>>            * If we are acting as a multicast router, all
>>>            * incoming multicast packets are passed to the
>>> @@ -785,6 +780,13 @@ passin:
>>>       goto ours;
>>>   if (ip->ip_dst.s_addr =3D=3D INADDR_ANY)
>>>       goto ours;
>>> +    /* Do not forward packets to or from IN_LINKLOCAL. */
>>> +    if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr)) ||
>>> +        IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) {
>>> +        IPSTAT_INC(ips_cantforward);
>>> +        m_freem(m);
>>> +        return;
>>> +    }
>>>=20
>>>   /*
>>>    * Not for us; forward if possible and desirable.
>>> _______________________________________________
>>> dev-commits-src-all@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
>>> To unsubscribe, send any mail to "dev-commits-src-all-unsubscribe@freebs=
d.org"
>>=20
>>=20
>>=20
>=20
> --=20
> Rod Grimes                                                 rgrimes@freebsd=
.org
> _______________________________________________
> dev-commits-src-all@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
> To unsubscribe, send any mail to "dev-commits-src-all-unsubscribe@freebsd.=
org"