Just out of curiosity, why remove the RFC reference from the comment? Seems useful for those that want to know why this is a good practice.
Joe PGP Key : https://www.marcuscom.com/pgp.asc > On May 18, 2021, at 17:01, Lutz Donnerhacke <don...@freebsd.org> wrote: > > The branch main has been updated by donner: > > URL: > https://cgit.FreeBSD.org/src/commit/?id=3d846e48227e2e78c1e7b35145f57353ffda56ba > > commit 3d846e48227e2e78c1e7b35145f57353ffda56ba > Author: Zhenlei Huang <zlei.hu...@gmail.com> > AuthorDate: 2021-05-18 20:51:37 +0000 > Commit: Lutz Donnerhacke <don...@freebsd.org> > CommitDate: 2021-05-18 20:59:46 +0000 > > Do not forward datagrams originated by link-local addresses > > The current implement of ip_input() reject packets destined for > 169.254.0.0/16, but not those original from 169.254.0.0/16 link-local > addresses. > > Fix to fully respect RFC 3927 section 2.7. > > PR: 255388 > Reviewed by: donner, rgrimes, karels > MFC after: 1 month > Differential Revision: https://reviews.freebsd.org/D29968 > --- > sys/netinet/ip_input.c | 16 +++++++++------- > 1 file changed, 9 insertions(+), 7 deletions(-) > > diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c > index 43d375c2385f..1139e3a5abfa 100644 > --- a/sys/netinet/ip_input.c > +++ b/sys/netinet/ip_input.c > @@ -738,15 +738,10 @@ passin: > } > ia = NULL; > } > - /* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */ > - if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) { > - IPSTAT_INC(ips_cantforward); > - m_freem(m); > - return; > - } > if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { > MROUTER_RLOCK(); > - if (V_ip_mrouter) { > + /* Do not forward packets from IN_LINKLOCAL. */ > + if (V_ip_mrouter && !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) { > /* > * If we are acting as a multicast router, all > * incoming multicast packets are passed to the > @@ -785,6 +780,13 @@ passin: > goto ours; > if (ip->ip_dst.s_addr == INADDR_ANY) > goto ours; > + /* Do not forward packets to or from IN_LINKLOCAL. */ > + if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr)) || > + IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) { > + IPSTAT_INC(ips_cantforward); > + m_freem(m); > + return; > + } > > /* > * Not for us; forward if possible and desirable. > _______________________________________________ > dev-commits-src-all@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all > To unsubscribe, send any mail to "dev-commits-src-all-unsubscr...@freebsd.org" _______________________________________________ dev-commits-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all To unsubscribe, send any mail to "dev-commits-src-all-unsubscr...@freebsd.org"
