The branch stable/12 has been updated by donner:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=c0a91473f5be9f0660d1e043b1f08f7d50e815ad

commit c0a91473f5be9f0660d1e043b1f08f7d50e815ad
Author:     Zhenlei Huang <[email protected]>
AuthorDate: 2021-05-18 20:51:37 +0000
Commit:     Lutz Donnerhacke <[email protected]>
CommitDate: 2021-06-17 08:18:46 +0000

    Do not forward datagrams originated by link-local addresses
    
    The current implementation of ip_input() rejects packets destined for
    169.254.0.0/16, but not those originating from 169.254.0.0/16 link-local
    addresses.
    
    Fix to fully respect RFC 3927 section 2.7.
    
    PR:             255388
    Reviewed by:    donner, rgrimes, karels
    Differential Revision:  https://reviews.freebsd.org/D29968
    Reviewed by:    rgrimes, donner, karels, marcus, emaste
    Differential Revision: https://reviews.freebsd.org/D30374
    
    (cherry picked from commit 3d846e48227e2e78c1e7b35145f57353ffda56ba)
    (cherry picked from commit 03b0505b8fe848f33f2f38fe89dd5538908c847e)
---
 sys/netinet/ip_input.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index e329b65b4e21..6e692083c121 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -738,14 +738,12 @@ passin:
                IF_ADDR_RUNLOCK(ifp);
                ia = NULL;
        }
-       /* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */
-       if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) {
-               IPSTAT_INC(ips_cantforward);
-               m_freem(m);
-               return;
-       }
        if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
-               if (V_ip_mrouter) {
+               /*
+                * RFC 3927 2.7: Do not forward multicast packets from
+                * IN_LINKLOCAL.
+                */
+               if (V_ip_mrouter && !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) {
                        /*
                         * If we are acting as a multicast router, all
                         * incoming multicast packets are passed to the
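Review bot: The new comment above the `V_ip_mrouter` test says link-local-sourced multicast is "not forwarded", but what the condition actually does is skip the multicast-router block entirely, and where such a packet goes afterwards is outside this hunk (presumably the ordinary non-router delivery path, but that should be confirmed against the rest of the branch). Unlike the unicast case in the second hunk, nothing is counted here, so an operator watching `ips_cantforward` will not see link-local multicast that was declined for forwarding; if that is intentional, the comment should say so. Suggested wording: `* RFC 3927 2.7: Do not forward multicast packets from IN_LINKLOCAL; such packets bypass the mrouter path and are handled as on a non-routing host. Not counted as cantforward since nothing is dropped here.` The enclosing ip_input() body and the rest of this `if` block continue outside the hunk.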
@@ -780,6 +778,13 @@ passin:
                goto ours;
        if (ip->ip_dst.s_addr == INADDR_ANY)
                goto ours;
+       /* RFC 3927 2.7: Do not forward packets to or from IN_LINKLOCAL. */
+       if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr)) ||
+           IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) {
+               IPSTAT_INC(ips_cantforward);
+               m_freem(m);
+               return;
+       }
 
        /*
         * Not for us; forward if possible and desirable.
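Review bot: The comment on the relocated check does not record the placement it depends on: because it now sits after every `goto ours` test (including the INADDR_BROADCAST and INADDR_ANY cases visible just above), it only rejects packets that are not for this host, so link-local traffic addressed to a locally configured 169.254/16 address presumably still reaches local delivery, which differs from where the old check stood. A future reorder of the `goto ours` chain would silently change that, so suggest `/* RFC 3927 2.7: Not for us (no 'goto ours' above matched): never forward packets to or from IN_LINKLOCAL. */`. The forwarding code this guards begins after the hunk.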