Re: kern/52074: -current npf map directive broken

To: Roy Marples <roy%marples.name@localhost>, Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>, Frank Kardel <kardel%netbsd.org@localhost>
Subject: Re: kern/52074: -current npf map directive broken
From: christos%zoulas.com@localhost (Christos Zoulas)
Date: Sun, 7 May 2017 17:17:28 -0400

On May 7,  8:50pm, roy%marples.name@localhost (Roy Marples) wrote:
-- Subject: Re: kern/52074: -current npf map directive broken

| I  think xtos already comitted a fix, but I'm unsure his fix is correct.
| I think the workflow should be this:
| 
| if (ia != NULL)
| 	error = ip_ifaddrvalid(ia);
| else
| 	error = flags & IP_FORWARDING ? 0 : -1;
| if (error != 0) { ...
| 
| The idea is that if we claim to send from an address it has to be valid, 
| but allow the NULL address if forwarded from the filter.
| 
| Does this make sense?
| The same path probably needs adjustment in inet6.

Sure, go for it. Why not put all the logic in ip_ifaddrvalid then?

christos

Follow-Ups:
- Re: kern/52074: -current npf map directive broken
  - From: Robert Elz

References:
- Re: kern/52074: -current npf map directive broken
  - From: Roy Marples

Prev by Date: Re: kern/52074: -current npf map directive broken
Next by Date: Re: kern/52074: -current npf map directive broken
Previous by Thread: Re: kern/52074: -current npf map directive broken
Next by Thread: Re: kern/52074: -current npf map directive broken
Indexes:

Home | Main Index | Thread Index | Old Index