Date: Thu, 28 May 2020 07:26:19 +0000 (UTC) From: "Alexander V. Chernikov" <melifaro@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r361572 - in head/sys: netinet netinet6 Message-ID: <202005280726.04S7QJg5043274@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: melifaro Date: Thu May 28 07:26:18 2020 New Revision: 361572 URL: https://svnweb.freebsd.org/changeset/base/361572 Log: Switch gif(4) path verification to fib[46]_check_urfp(). fibX_lookup_nh_ represents pre-epoch generation of fib api, providing less guarantees over pointer validness and requiring on-stack data copying. Use specialized fib[46]_check_urpf() from newer KPI instead, to allow removal of older KPI. Reviewed by: ae Differential Revision: https://reviews.freebsd.org/D24978 Modified: head/sys/netinet/in_gif.c head/sys/netinet6/in6_gif.c Modified: head/sys/netinet/in_gif.c ============================================================================== --- head/sys/netinet/in_gif.c Thu May 28 07:23:27 2020 (r361571) +++ head/sys/netinet/in_gif.c Thu May 28 07:26:18 2020 (r361572) @@ -379,13 +379,8 @@ done: return (0); /* ingress filters on outer source */ if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) { - struct nhop4_basic nh4; - struct in_addr dst; - - dst = ip->ip_src; - if (fib4_lookup_nh_basic(sc->gif_fibnum, dst, 0, 0, &nh4) != 0) - return (0); - if (nh4.nh_ifp != m->m_pkthdr.rcvif) + if (fib4_check_urpf(sc->gif_fibnum, ip->ip_src, 0, NHR_NONE, + m->m_pkthdr.rcvif) == 0) return (0); } *arg = sc; Modified: head/sys/netinet6/in6_gif.c ============================================================================== --- head/sys/netinet6/in6_gif.c Thu May 28 07:23:27 2020 (r361571) +++ head/sys/netinet6/in6_gif.c Thu May 28 07:26:18 2020 (r361572) @@ -402,13 +402,9 @@ done: return (0); /* ingress filters on outer source */ if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) { - struct nhop6_basic nh6; - - if (fib6_lookup_nh_basic(sc->gif_fibnum, &ip6->ip6_src, - ntohs(in6_getscope(&ip6->ip6_src)), 0, 0, &nh6) != 0) - return (0); - - if (nh6.nh_ifp != m->m_pkthdr.rcvif) + if (fib6_check_urpf(sc->gif_fibnum, &ip6->ip6_src, + ntohs(in6_getscope(&ip6->ip6_src)), NHR_NONE, + m->m_pkthdr.rcvif) == 0) return (0); } *arg = sc;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005280726.04S7QJg5043274>