git: 3d846e48227e - main - Do not forward datagrams originated by link-local addresses
Joe Clarke
jclarke at marcuscom.com
Wed May 19 01:57:21 UTC 2021
To be fair, an obsolete RFC can be followed to the current document. Having an anchor, even one that is obsolete, has value as a reference.
Joe
PGP Key : https://www.marcuscom.com/pgp.asc
> On May 18, 2021, at 21:04, Rodney W. Grimes <freebsd at gndrsh.dnsmgr.net> wrote:
>
>
>>
>> Just out of curiosity, why remove the RFC reference from the comment? Seems useful for those that want to know why this is a good practice.
>
> RFCs are not immutable and more often than not an RFC comment
> is outdated in the src.
>
> As an example, network "10/8", original RFC 1627, obsoleted by 1918,
> but the ietf tracker doesn't tell you that this was covered
> in RFC5735, obsoleted by 6890, updated by 8190
> (the 169.254.0.0/16 block is covered in 6890 with no changes to that
> part by 8190....)
>
> SOOOO.. RFC references are very hard to keep up to date and correct.
>
>>
>> Joe
>>
>> PGP Key : https://www.marcuscom.com/pgp.asc
>>
>>>> On May 18, 2021, at 17:01, Lutz Donnerhacke <donner at freebsd.org> wrote:
>>>
>>> The branch main has been updated by donner:
>>>
>>> URL: https://cgit.FreeBSD.org/src/commit/?id=3d846e48227e2e78c1e7b35145f57353ffda56ba
>>>
>>> commit 3d846e48227e2e78c1e7b35145f57353ffda56ba
>>> Author: Zhenlei Huang <zlei.huang at gmail.com>
>>> AuthorDate: 2021-05-18 20:51:37 +0000
>>> Commit: Lutz Donnerhacke <donner at FreeBSD.org>
>>> CommitDate: 2021-05-18 20:59:46 +0000
>>>
>>> Do not forward datagrams originated by link-local addresses
>>>
>>> The current implementation of ip_input() rejects packets destined for
>>> 169.254.0.0/16, but not those originating from 169.254.0.0/16 link-local
>>> addresses.
>>>
>>> Fix to fully respect RFC 3927 section 2.7.
>>>
>>> PR: 255388
>>> Reviewed by: donner, rgrimes, karels
>>> MFC after: 1 month
>>> Differential Revision: https://reviews.freebsd.org/D29968
>>> ---
>>> sys/netinet/ip_input.c | 16 +++++++++-------
>>> 1 file changed, 9 insertions(+), 7 deletions(-)
>>>
>>> diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
>>> index 43d375c2385f..1139e3a5abfa 100644
>>> --- a/sys/netinet/ip_input.c
>>> +++ b/sys/netinet/ip_input.c
>>> @@ -738,15 +738,10 @@ passin:
>>> }
>>> ia = NULL;
>>> }
>>> - /* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */
>>> - if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) {
>>> - IPSTAT_INC(ips_cantforward);
>>> - m_freem(m);
>>> - return;
>>> - }
>>> if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
>>> MROUTER_RLOCK();
>>> - if (V_ip_mrouter) {
>>> + /* Do not forward packets from IN_LINKLOCAL. */
>>> + if (V_ip_mrouter && !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) {
>>> /*
>>> * If we are acting as a multicast router, all
>>> * incoming multicast packets are passed to the
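Review bot: In the multicast branch, a packet with a link-local source now falls through past the V_ip_mrouter block silently. The removed destination check bumped ips_cantforward before freeing the mbuf, while the new condition (V_ip_mrouter && !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) leaves no counter or trace in these lines. If the skip is meant to be observable, increment a statistic on that path. The replacement comment also drops the "RFC 3927 2.7" pointer that the removed comment carried and that the commit message still cites; a few words on the reason next to the condition would keep the rationale with the code.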
>>> @@ -785,6 +780,13 @@ passin:
>>> goto ours;
>>> if (ip->ip_dst.s_addr == INADDR_ANY)
>>> goto ours;
>>> + /* Do not forward packets to or from IN_LINKLOCAL. */
>>> + if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr)) ||
>>> + IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) {
>>> + IPSTAT_INC(ips_cantforward);
>>> + m_freem(m);
>>> + return;
>>> + }
>>>
>>> /*
>>> * Not for us; forward if possible and desirable.
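Review bot: The placement of the new check after the "goto ours" tests visible above it is load-bearing but undocumented. The comment says only "Do not forward packets to or from IN_LINKLOCAL", while the ordering is what lets locally destined traffic reach "ours" before the drop. State that in the comment so a later reshuffle does not move the drop ahead of local delivery. Source-based and destination-based drops also share ips_cantforward, so the counter alone cannot tell which side of the || triggered the drop; a separate statistic or a note in the comment would help anyone reading the counters.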
>>> _______________________________________________
>>> dev-commits-src-all at freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
>>> To unsubscribe, send any mail to "dev-commits-src-all-unsubscribe at freebsd.org"
>>
>>
>>
>
> --
> Rod Grimes rgrimes at freebsd.org