Date: Thu, 28 Mar 2024 19:36:51 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 277349] The net.inet.ip.source_address_validation should ignore CARP IP in backup state Message-ID: <bug-277349-7501-XPYOMeVzdA@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-277349-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-277349-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D277349 --- Comment #10 from commit-hook@FreeBSD.org --- A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3Dd6e1ae659b11a13a9c289424735394173= 907c1d3 commit d6e1ae659b11a13a9c289424735394173907c1d3 Author: Gleb Smirnoff <glebius@FreeBSD.org> AuthorDate: 2024-03-19 18:48:59 +0000 Commit: Gleb Smirnoff <glebius@FreeBSD.org> CommitDate: 2024-03-28 19:35:45 +0000 carp: check CARP status in in_localip_fib(), in6_localip_fib() Don't report a BACKUP CARP address as local. These two functions are u= sed only by source address validation for input packets, controlled by sysc= tls net.inet.ip.source_address_validation and net.inet6.ip6.source_address_validation. For this purpose we definitely want to treat BACKUP addresses as non local. This change is conservative and doesn't modify compat in_localip() and in6_localip(). They are used more widely than the FIB-aware versions. The change would modify the notion of ipfw(4) 'me' keyword. There might be other consequences as in_localip() is used by various tunneling protocols. PR: 277349 (cherry picked from commit 56f7860087eec14b4a65310b70bd704e79e1b48c) sys/netinet/in.c | 4 +++- sys/netinet6/in6.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-277349-7501-XPYOMeVzdA>