Source-Changes-HG archive


[src/trunk]: src/sys apply in{,6}_tunnel_validate() to gif(4).



details:   https://anonhg.NetBSD.org/src/rev/0bf8acc1c5fe
branches:  trunk
changeset: 828930:0bf8acc1c5fe
user:      knakahara <knakahara%NetBSD.org@localhost>
date:      Wed Jan 10 11:13:26 2018 +0000

description:
apply in{,6}_tunnel_validate() to gif(4).

diffstat:

 sys/netinet/in_gif.c   |  33 ++++++---------------------------
 sys/netinet6/in6_gif.c |  14 ++++++--------
 2 files changed, 12 insertions(+), 35 deletions(-)

diffs (114 lines):

diff -r b6242d1d8a22 -r 0bf8acc1c5fe sys/netinet/in_gif.c
--- a/sys/netinet/in_gif.c      Wed Jan 10 11:11:20 2018 +0000
+++ b/sys/netinet/in_gif.c      Wed Jan 10 11:13:26 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: in_gif.c,v 1.91 2017/11/27 05:05:51 knakahara Exp $    */
+/*     $NetBSD: in_gif.c,v 1.92 2018/01/10 11:13:26 knakahara Exp $    */
 /*     $KAME: in_gif.c,v 1.66 2001/07/29 04:46:09 itojun Exp $ */
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_gif.c,v 1.91 2017/11/27 05:05:51 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_gif.c,v 1.92 2018/01/10 11:13:26 knakahara Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -303,35 +303,14 @@
 gif_validate4(const struct ip *ip, struct gif_variant *var, struct ifnet *ifp)
 {
        struct sockaddr_in *src, *dst;
-       struct in_ifaddr *ia4;
-       int s;
+       int ret;
 
        src = satosin(var->gv_psrc);
        dst = satosin(var->gv_pdst);
 
-       /* check for address match */
-       if (src->sin_addr.s_addr != ip->ip_dst.s_addr ||
-           dst->sin_addr.s_addr != ip->ip_src.s_addr)
-               return 0;
-
-       /* martian filters on outer source - NOT done in ip_input! */
-       if (IN_MULTICAST(ip->ip_src.s_addr))
-               return 0;
-       switch ((ntohl(ip->ip_src.s_addr) & 0xff000000) >> 24) {
-       case 0: case 127: case 255:
+       ret = in_tunnel_validate(ip, src->sin_addr, dst->sin_addr);
+       if (ret == 0)
                return 0;
-       }
-       /* reject packets with broadcast on source */
-       s = pserialize_read_enter();
-       IN_ADDRLIST_READER_FOREACH(ia4) {
-               if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0)
-                       continue;
-               if (ip->ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr) {
-                       pserialize_read_exit(s);
-                       return 0;
-               }
-       }
-       pserialize_read_exit(s);
 
        /* ingress filters on outer source */
        if ((var->gv_softc->gif_if.if_flags & IFF_LINK2) == 0 && ifp) {
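Review bot: The three outer-source checks removed here are now assumed to live in `in_tunnel_validate()`, whose body is not part of this diff, so the hunk alone cannot confirm that gif(4) still drops such packets. The checks were the tunnel endpoint match, the martian filter that the old comment said is NOT done in ip_input, and the broadcast-source rejection. The old code compared the configured `src` with `ip->ip_dst` and `dst` with `ip->ip_src`, so the helper must apply the same swap to the arguments passed at `ret = in_tunnel_validate(ip, src->sin_addr, dst->sin_addr);`. Once confirmed against the helper, I would add a comment above the call such as `/* in_tunnel_validate(): endpoint match, martian and broadcast filters on outer source; 0 means reject */`. The body of gif_validate4() continues past the end of this hunk.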
@@ -357,7 +336,7 @@
                rt_unref(rt);
        }
 
-       return 32 * 2;
+       return ret;
 }
 
 #ifdef GIF_ENCAPCHECK
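Review bot: `return ret;` replaces the literal `32 * 2`, so the success value handed to the caller now depends entirely on what `in_tunnel_validate()` returns, which this diff does not show. The old constant looks like a matched-bit count for two 32-bit addresses (to be confirmed). If callers rank candidate tunnels by it, a different non-zero value from the helper would silently change which tunnel claims a packet. A short comment above the return would record the contract, for example `/* non-zero: match length as returned by in_tunnel_validate() */`. The same applies to `return ret;` replacing `128 * 2` in the last hunk of sys/netinet6/in6_gif.c. The start of the function lies outside this hunk.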
diff -r b6242d1d8a22 -r 0bf8acc1c5fe sys/netinet6/in6_gif.c
--- a/sys/netinet6/in6_gif.c    Wed Jan 10 11:11:20 2018 +0000
+++ b/sys/netinet6/in6_gif.c    Wed Jan 10 11:13:26 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: in6_gif.c,v 1.89 2017/11/27 05:05:51 knakahara Exp $   */
+/*     $NetBSD: in6_gif.c,v 1.90 2018/01/10 11:13:26 knakahara Exp $   */
 /*     $KAME: in6_gif.c,v 1.62 2001/07/29 04:27:25 itojun Exp $        */
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_gif.c,v 1.89 2017/11/27 05:05:51 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_gif.c,v 1.90 2018/01/10 11:13:26 knakahara Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -322,17 +322,15 @@
        struct ifnet *ifp)
 {
        const struct sockaddr_in6 *src, *dst;
+       int ret;
 
        src = satosin6(var->gv_psrc);
        dst = satosin6(var->gv_pdst);
 
-       /* check for address match */
-       if (!IN6_ARE_ADDR_EQUAL(&src->sin6_addr, &ip6->ip6_dst) ||
-           !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_src))
+       ret = in6_tunnel_validate(ip6, &src->sin6_addr, &dst->sin6_addr);
+       if (ret == 0)
                return 0;
 
-       /* martian filters on outer source - done in ip6_input */
-
        /* ingress filters on outer source */
        if ((var->gv_softc->gif_if.if_flags & IFF_LINK2) == 0 && ifp) {
                union {
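Review bot: The deleted comment `/* martian filters on outer source - done in ip6_input */` was the only record of why this function does no martian filtering of its own. The new call gives no hint whether `in6_tunnel_validate()` performs that filtering or whether the code still relies on ip6_input. I would keep the rationale next to the call, for example `/* endpoint match via in6_tunnel_validate(); martian filtering of the outer source is left to ip6_input */`, adjusted to what the helper really does. The function's signature starts before this hunk and its body continues after it.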
@@ -359,7 +357,7 @@
                rt_unref(rt);
        }
 
-       return 128 * 2;
+       return ret;
 }
 
 #ifdef GIF_ENCAPCHECK


