Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-8]: src/sys Pull up following revision(s) (requested by roy in ti...
details: https://anonhg.NetBSD.org/src/rev/2e90f1180ff5
branches: netbsd-8
changeset: 434479:2e90f1180ff5
user: snj <snj%NetBSD.org@localhost>
date: Sun Dec 10 09:24:30 2017 +0000
description:
Pull up following revision(s) (requested by roy in ticket #390):
sys/netinet/ip_input.c: 1.363
sys/netinet6/ip6_input.c: 1.184-1.185
sys/netinet6/ip6_output.c: 1.194-1.195
sys/netinet6/in6_src.c: 1.83-1.84
Allow local communication over DETACHED addresses.
Allow binding to DETACHED or TENTATIVE addresses as we deny
sending upstream from them anyway.
Prefer non DETACHED or TENTATIVE addresses.
--
Attempt to restore v6 networking. Not 100% certain that these
changes are all that is needed, but they're certainly a big part of it
(especially the ip6_input.c change.)
--
Treat unvalidated addresses as deprecated in rule 3.
diffstat:
sys/netinet/ip_input.c | 20 +++++++++++++-------
sys/netinet6/in6_src.c | 20 +++++++++++++-------
sys/netinet6/ip6_input.c | 26 +++++++++++++++++++++++---
sys/netinet6/ip6_output.c | 22 ++++++++++++++--------
4 files changed, 63 insertions(+), 25 deletions(-)
diffs (239 lines):
diff -r 6e54f2b39ba4 -r 2e90f1180ff5 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c Fri Dec 08 06:19:01 2017 +0000
+++ b/sys/netinet/ip_input.c Sun Dec 10 09:24:30 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.355.2.1 2017/10/21 19:43:54 snj Exp $ */
+/* $NetBSD: ip_input.c,v 1.355.2.2 2017/12/10 09:24:30 snj Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.355.2.1 2017/10/21 19:43:54 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.355.2.2 2017/12/10 09:24:30 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -377,11 +377,14 @@
continue;
if (checkif && ia->ia_ifp != ifp)
continue;
- if ((ia->ia_ifp->if_flags & IFF_UP) != 0 &&
- (ia->ia4_flags & IN_IFF_DETACHED) == 0)
- break;
- else
+ if ((ia->ia_ifp->if_flags & IFF_UP) == 0) {
(*downmatch)++;
+ continue;
+ }
+ if (ia->ia4_flags & IN_IFF_DETACHED &&
+ (ifp->if_flags & IFF_LOOPBACK) == 0)
+ continue;
+ break;
}
}
@@ -398,7 +401,10 @@
if (ifa->ifa_addr->sa_family != AF_INET)
continue;
ia = ifatoia(ifa);
- if (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED))
+ if (ia->ia4_flags & IN_IFF_NOTREADY)
+ continue;
+ if (ia->ia4_flags & IN_IFF_DETACHED &&
+ (ifp->if_flags & IFF_LOOPBACK) == 0)
continue;
if (in_hosteq(ip->ip_dst, ia->ia_broadaddr.sin_addr) ||
in_hosteq(ip->ip_dst, ia->ia_netbroadcast) ||
diff -r 6e54f2b39ba4 -r 2e90f1180ff5 sys/netinet6/in6_src.c
--- a/sys/netinet6/in6_src.c Fri Dec 08 06:19:01 2017 +0000
+++ b/sys/netinet6/in6_src.c Sun Dec 10 09:24:30 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in6_src.c,v 1.79.6.1 2017/08/31 11:24:03 martin Exp $ */
+/* $NetBSD: in6_src.c,v 1.79.6.2 2017/12/10 09:24:30 snj Exp $ */
/* $KAME: in6_src.c,v 1.159 2005/10/19 01:40:32 t-momose Exp $ */
/*
@@ -66,7 +66,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_src.c,v 1.79.6.1 2017/08/31 11:24:03 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_src.c,v 1.79.6.2 2017/12/10 09:24:30 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -135,6 +135,9 @@
static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
+#define IFA6_IS_VALIDATED(ia) \
+ (((ia)->ia6_flags & (IN6_IFF_TENTATIVE | IN6_IFF_DETACHED)) == 0)
+
/*
* Return an IPv6 address, which is the most appropriate for a given
* destination and user specified options.
@@ -211,10 +214,8 @@
}
/* avoid unusable addresses */
- if ((ia->ia6_flags &
- (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
- continue;
- }
+ if ((ia->ia6_flags & (IN6_IFF_DUPLICATED | IN6_IFF_ANYCAST)))
+ continue;
if (!ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
continue;
@@ -232,7 +233,7 @@
}
if (ia_best == NULL)
- REPLACE(0);
+ REPLACE(1);
/* Rule 2: Prefer appropriate scope */
if (dst_scope < 0)
@@ -251,7 +252,12 @@
/*
* Rule 3: Avoid deprecated addresses. Note that the case of
* !ip6_use_deprecated is already rejected above.
+ * Treat unvalidated addresses as deprecated here.
*/
+ if (IFA6_IS_VALIDATED(ia_best) && !IFA6_IS_VALIDATED(ia))
+ NEXT(3);
+ if (!IFA6_IS_VALIDATED(ia_best) && IFA6_IS_VALIDATED(ia))
+ REPLACE(3);
if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
NEXT(3);
if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
diff -r 6e54f2b39ba4 -r 2e90f1180ff5 sys/netinet6/ip6_input.c
--- a/sys/netinet6/ip6_input.c Fri Dec 08 06:19:01 2017 +0000
+++ b/sys/netinet6/ip6_input.c Sun Dec 10 09:24:30 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_input.c,v 1.178.2.1 2017/10/21 19:43:54 snj Exp $ */
+/* $NetBSD: ip6_input.c,v 1.178.2.2 2017/12/10 09:24:30 snj Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.178.2.1 2017/10/21 19:43:54 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.178.2.2 2017/12/10 09:24:30 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_gateway.h"
@@ -511,13 +511,33 @@
#endif
rt->rt_ifp->if_type == IFT_LOOP) {
struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa;
+ int addrok;
+
if (ia6->ia6_flags & IN6_IFF_ANYCAST)
m->m_flags |= M_ANYCAST6;
/*
* packets to a tentative, duplicated, or somehow invalid
* address must not be accepted.
*/
- if (!(ia6->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_DETACHED))) {
+ if (ia6->ia6_flags & IN6_IFF_NOTREADY)
+ addrok = 0;
+ else if (ia6->ia6_flags & IN6_IFF_DETACHED &&
+ !IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src))
+ {
+ /* Allow internal traffic to DETACHED addresses */
+ struct sockaddr_in6 sin6;
+ int s;
+
+ memset(&sin6, 0, sizeof(sin6));
+ sin6.sin6_family = AF_INET6;
+ sin6.sin6_len = sizeof(sin6);
+ sin6.sin6_addr = ip6->ip6_src;
+ s = pserialize_read_enter();
+ addrok = (ifa_ifwithaddr(sin6tosa(&sin6)) != NULL);
+ pserialize_read_exit(s);
+ } else
+ addrok = 1;
+ if (addrok) {
/* this address is ready */
ours = 1;
deliverifp = ia6->ia_ifp; /* correct? */
diff -r 6e54f2b39ba4 -r 2e90f1180ff5 sys/netinet6/ip6_output.c
--- a/sys/netinet6/ip6_output.c Fri Dec 08 06:19:01 2017 +0000
+++ b/sys/netinet6/ip6_output.c Sun Dec 10 09:24:30 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_output.c,v 1.191.6.2 2017/10/21 19:43:54 snj Exp $ */
+/* $NetBSD: ip6_output.c,v 1.191.6.3 2017/12/10 09:24:30 snj Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.191.6.2 2017/10/21 19:43:54 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.191.6.3 2017/12/10 09:24:30 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -134,7 +134,7 @@
static int ip6_splithdr(struct mbuf *, struct ip6_exthdrs *);
static int ip6_getpmtu(struct rtentry *, struct ifnet *, u_long *, int *);
static int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, int);
-static int ip6_ifaddrvalid(const struct in6_addr *);
+static int ip6_ifaddrvalid(const struct in6_addr *, const struct in6_addr *);
static int ip6_handle_rthdr(struct ip6_rthdr *, struct ip6_hdr *);
#ifdef RFC2292
@@ -605,7 +605,9 @@
/* scope check is done. */
/* Ensure we only send from a valid address. */
- if ((error = ip6_ifaddrvalid(&src0)) != 0) {
+ if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
+ (error = ip6_ifaddrvalid(&src0, &dst0)) != 0)
+ {
char ip6buf[INET6_ADDRSTRLEN];
nd6log(LOG_ERR,
"refusing to send from invalid address %s (pid %d)\n",
@@ -3363,27 +3365,31 @@
* if the packet could be dropped without error (protocol dependent).
*/
static int
-ip6_ifaddrvalid(const struct in6_addr *addr)
+ip6_ifaddrvalid(const struct in6_addr *src, const struct in6_addr *dst)
{
struct sockaddr_in6 sin6;
int s, error;
struct ifaddr *ifa;
struct in6_ifaddr *ia6;
- if (IN6_IS_ADDR_UNSPECIFIED(addr))
+ if (IN6_IS_ADDR_UNSPECIFIED(src))
return 0;
memset(&sin6, 0, sizeof(sin6));
sin6.sin6_family = AF_INET6;
sin6.sin6_len = sizeof(sin6);
- sin6.sin6_addr = *addr;
+ sin6.sin6_addr = *src;
s = pserialize_read_enter();
ifa = ifa_ifwithaddr(sin6tosa(&sin6));
if ((ia6 = ifatoia6(ifa)) == NULL ||
ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_DUPLICATED))
error = -1;
- else if (ia6->ia6_flags & (IN6_IFF_TENTATIVE | IN6_IFF_DETACHED))
+ else if (ia6->ia6_flags & IN6_IFF_TENTATIVE)
+ error = 1;
+ else if (ia6->ia6_flags & IN6_IFF_DETACHED &&
+ (sin6.sin6_addr = *dst, ifa_ifwithaddr(sin6tosa(&sin6)) == NULL))
+ /* Allow internal traffic to DETACHED addresses */
error = 1;
else
error = 0;
Home |
Main Index |
Thread Index |
Old Index