git: 3d846e48227e - main - Do not forward datagrams originated by link-local addresses
Lutz Donnerhacke
donner at FreeBSD.org
Tue May 18 21:01:16 UTC 2021
The branch main has been updated by donner:
URL: https://cgit.FreeBSD.org/src/commit/?id=3d846e48227e2e78c1e7b35145f57353ffda56ba
commit 3d846e48227e2e78c1e7b35145f57353ffda56ba
Author: Zhenlei Huang <zlei.huang at gmail.com>
AuthorDate: 2021-05-18 20:51:37 +0000
Commit: Lutz Donnerhacke <donner at FreeBSD.org>
CommitDate: 2021-05-18 20:59:46 +0000
Do not forward datagrams originated by link-local addresses
The current implementation of ip_input() rejects packets destined for
169.254.0.0/16, but not those originating from 169.254.0.0/16 link-local
addresses.
Fix to fully respect RFC 3927 section 2.7.
PR: 255388
Reviewed by: donner, rgrimes, karels
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D29968
---
sys/netinet/ip_input.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 43d375c2385f..1139e3a5abfa 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -738,15 +738,10 @@ passin:
}
ia = NULL;
}
- /* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */
- if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) {
- IPSTAT_INC(ips_cantforward);
- m_freem(m);
- return;
- }
if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
MROUTER_RLOCK();
- if (V_ip_mrouter) {
+ /* Do not forward packets from IN_LINKLOCAL. */
+ if (V_ip_mrouter && !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) {
/*
* If we are acting as a multicast router, all
* incoming multicast packets are passed to the
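Review bot: A multicast packet from a 169.254.0.0/16 source now skips the whole `V_ip_mrouter` block without touching any counter, while the unicast check added in the second hunk bumps `ips_cantforward`, so the IP statistics do not show that link-local multicast was refused for forwarding. If the silent skip is intended, the comment should say so and keep the RFC citation that the removed comment carried, e.g. `/* RFC 3927 2.7: link-local sources are never multicast-forwarded; not counted as cantforward. */`. The block's body continues outside the hunk, so anything else it does for an active multicast router is presumably bypassed for these sources as well; that is worth confirming there.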
@@ -785,6 +780,13 @@ passin:
goto ours;
if (ip->ip_dst.s_addr == INADDR_ANY)
goto ours;
+ /* Do not forward packets to or from IN_LINKLOCAL. */
+ if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr)) ||
+ IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) {
+ IPSTAT_INC(ips_cantforward);
+ m_freem(m);
+ return;
+ }
/*
* Not for us; forward if possible and desirable.
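Review bot: The source half of this check is only correct because it sits after the `goto ours` tests, and the comment does not record that ordering dependency. Moved above them, it would free packets from a 169.254.0.0/16 sender that the preceding tests currently hand to `ours` (the `INADDR_ANY` case is visible here) instead of delivering them locally. I would spell that out and restore the RFC reference: `/* RFC 3927 2.7: never forward to or from 169.254.0.0/16. Keep after the "ours" checks so local delivery is unaffected. */`. The local-address match lies above the hunk, so its interaction with this check is inferred rather than visible.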