Date: Tue, 19 Mar 2024 18:57:16 GMT
Message-Id: <202403191857.42JIvGd5038239@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Gleb Smirnoff
Subject: git: 56f7860087ee - main - carp: check CARP status in in_localip_fib(), in6_localip_fib()
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 56f7860087eec14b4a65310b70bd704e79e1b48c
Auto-Submitted: auto-generated

The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=56f7860087eec14b4a65310b70bd704e79e1b48c

commit 56f7860087eec14b4a65310b70bd704e79e1b48c
Author:     Gleb Smirnoff
AuthorDate: 2024-03-19 18:48:59 +0000
Commit:     Gleb Smirnoff
CommitDate: 2024-03-19 18:48:59 +0000

    carp: check CARP status in in_localip_fib(), in6_localip_fib()

    Don't report a BACKUP CARP address as local. These two functions are used
    only by source address validation for input packets, controlled by sysctls
    net.inet.ip.source_address_validation and
    net.inet6.ip6.source_address_validation. For this purpose we definitely
    want to treat BACKUP addresses as non local.

    This change is conservative and doesn't modify compat in_localip() and
    in6_localip(). They are used more widely than the FIB-aware versions. The
    change would modify the notion of ipfw(4) 'me' keyword. There might be
    other consequences as in_localip() is used by various tunneling protocols.

    PR: 277349
---
 sys/netinet/in.c   | 4 +++-
 sys/netinet6/in6.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 1c6e87485ace..940b197d9e95 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c 
@@ -165,7 +165,7 @@ in_localip(struct in_addr in) } /* - * Like in_localip(), but FIB-aware. + * Like in_localip(), but FIB-aware and carp(4)-aware. */ bool in_localip_fib(struct in_addr in, uint16_t fib) @@ -176,6 +176,8 @@ in_localip_fib(struct in_addr in, uint16_t fib) CK_LIST_FOREACH(ia, INADDR_HASH(in.s_addr), ia_hash) if (IA_SIN(ia)->sin_addr.s_addr == in.s_addr && + (ia->ia_ifa.ifa_carp == NULL || + carp_master_p(&ia->ia_ifa)) && ia->ia_ifa.ifa_ifp->if_fib == fib) return (true); diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index aca98d2b86b2..20e19b2197d7 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -1805,7 +1805,7 @@ in6_localip(struct in6_addr *in6) } /* - * Like in6_localip(), but FIB-aware. + * Like in6_localip(), but FIB-aware and carp(4)-aware. */ bool in6_localip_fib(struct in6_addr *in6, uint16_t fib) @@ -1816,6 +1816,8 @@ in6_localip_fib(struct in6_addr *in6, uint16_t fib) IN6_IFADDR_RLOCK(&in6_ifa_tracker); CK_LIST_FOREACH(ia, IN6ADDR_HASH(in6), ia6_hash) { if (IN6_ARE_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr) && + (ia->ia_ifa.ifa_carp == NULL || + carp_master_p(&ia->ia_ifa)) && ia->ia_ifa.ifa_ifp->if_fib == fib) { IN6_IFADDR_RUNLOCK(&in6_ifa_tracker); return (true);
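
Review bot: In the two comment hunks above in_localip_fib() and in6_localip_fib(), "carp(4)-aware" does not say what the function now does differently. Suggest spelling it out: an address with ifa_carp set is reported as local only while carp_master_p() is true, and in_localip() / in6_localip() make no such check, so the two families can return different answers for the same address.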
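
Review bot: In the in_localip_fib() condition (sys/netinet/in.c, second hunk), the new "ia->ia_ifa.ifa_carp == NULL || carp_master_p(&ia->ia_ifa)" test is placed ahead of the "ia->ia_ifa.ifa_ifp->if_fib == fib" comparison, so the CARP state lookup runs for every address match even when the FIB differs. Putting the if_fib comparison first keeps the plain field compare ahead of the function call. The diff also adds no #include to this file, so please confirm carp_master_p is already declared here, including for kernel configurations built without carp(4).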
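
Review bot: In the in6_localip_fib() condition (sys/netinet6/in6.c, second hunk), carp_master_p() is now called between IN6_IFADDR_RLOCK(&in6_ifa_tracker) and IN6_IFADDR_RUNLOCK(&in6_ifa_tracker); please confirm it takes no lock of its own that conflicts with being called under this read lock, and note that in a comment. The return value is also a snapshot of the CARP state at lookup time, so a sentence saying that callers must tolerate a stale answer across a MASTER/BACKUP transition would help the next reader.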