svn commit: r329559 - stable/11/sys/netinet6
Andrey V. Elsukov
ae at FreeBSD.org
Mon Feb 19 10:34:31 UTC 2018
Author: ae
Date: Mon Feb 19 10:34:30 2018
New Revision: 329559
URL: https://svnweb.freebsd.org/changeset/base/329559
Log:
MFC r328541:
Do not skip scope zone violation check, when mbuf has M_FASTFWD_OURS flag.
When an mbuf has the M_FASTFWD_OURS flag set, the destination address
is one of our local addresses, but the packet still needs to pass the
scope zone violation check, because the protocol level expects IPv6
link-local addresses to have embedded scope zone indexes. This should
fix the problem that occurs when ipfw is used to forward packets to a
local address and the source address of the packet is an IPv6 LLA.
Reported by: asomers@
Modified:
stable/11/sys/netinet6/ip6_input.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netinet6/ip6_input.c
==============================================================================
--- stable/11/sys/netinet6/ip6_input.c Mon Feb 19 10:30:34 2018 (r329558)
+++ stable/11/sys/netinet6/ip6_input.c Mon Feb 19 10:34:30 2018 (r329559)
@@ -571,10 +571,8 @@ ip6_input(struct mbuf *m)
/*
* Firewall changed destination to local.
*/
- m->m_flags &= ~M_FASTFWD_OURS;
- ours = 1;
ip6 = mtod(m, struct ip6_hdr *);
- goto hbhcheck;
+ goto passin;
}
/*
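Review bot: The early `goto passin` in this branch now lands on code that reads `rcvif`, as the `in6_setscope(&ip6->ip6_dst, rcvif, NULL)` call in the last hunk shows, whereas the old `goto hbhcheck` appears to have skipped that code. The assignment of `rcvif` is not visible in this diff, so please confirm that it happens before this branch near the top of ip6_input(). If it does not, the scope check would run against an uninitialized interface pointer. The function body starts and ends outside the hunk.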
@@ -735,10 +733,8 @@ ip6_input(struct mbuf *m)
if ((m = ip6_tryforward(m)) == NULL)
return;
if (m->m_flags & M_FASTFWD_OURS) {
- m->m_flags &= ~M_FASTFWD_OURS;
- ours = 1;
ip6 = mtod(m, struct ip6_hdr *);
- goto hbhcheck;
+ goto passin;
}
}
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
@@ -769,13 +765,7 @@ ip6_input(struct mbuf *m)
return;
ip6 = mtod(m, struct ip6_hdr *);
srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
-
- if (m->m_flags & M_FASTFWD_OURS) {
- m->m_flags &= ~M_FASTFWD_OURS;
- ours = 1;
- goto hbhcheck;
- }
- if ((m->m_flags & M_IP6_NEXTHOP) &&
+ if ((m->m_flags & (M_IP6_NEXTHOP | M_FASTFWD_OURS)) == M_IP6_NEXTHOP &&
m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL) {
/*
* Directly ship the packet on. This allows forwarding
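Review bot: The combined mask test `(m->m_flags & (M_IP6_NEXTHOP | M_FASTFWD_OURS)) == M_IP6_NEXTHOP` is correct but hides its intent, and the comment inside the block describes only the next-hop shortcut. A reader has to work out that a packet carrying both flags is deliberately kept off the direct-forward path so that it continues to the scope checks; that fall-through is inferred, because the code between this block and `passin` is outside the hunk. I would add a line above the condition such as `/* Skip the next-hop shortcut when the firewall also marked the packet as ours; it must still pass the scope zone checks. */`.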
@@ -805,6 +795,11 @@ passin:
in6_setscope(&ip6->ip6_dst, rcvif, NULL)) {
IP6STAT_INC(ip6s_badscope);
goto bad;
+ }
+ if (m->m_flags & M_FASTFWD_OURS) {
+ m->m_flags &= ~M_FASTFWD_OURS;
+ ours = 1;
+ goto hbhcheck;
}
/*
* Multicast check. Assume packet is for us to avoid
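Review bot: The relocated `M_FASTFWD_OURS` branch after the `in6_setscope()` failure path has no comment saying that its position is deliberate. A later cleanup could hoist it back above the scope checks and silently restore the bypass of the zone violation check that this commit removes. I would add a comment above `if (m->m_flags & M_FASTFWD_OURS)`, for example `/* Handle M_FASTFWD_OURS only after the scope zone checks: upper layers expect link-local addresses to carry an embedded zone index. */`. The start of the scope-check condition and the rest of ip6_input() lie outside this hunk.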