Author: melifaro
Date: Thu May 28 07:26:18 2020
New Revision: 361572
URL: https://svnweb.freebsd.org/changeset/base/361572

Log:
  Switch gif(4) path verification to fib[46]_check_urpf().
  
  fibX_lookup_nh_ represents the pre-epoch generation of the fib API,
  providing fewer guarantees about pointer validity and requiring
  on-stack data copying.
  Use the specialized fib[46]_check_urpf() from the newer KPI instead,
  to allow removal of the older KPI.
  
  Reviewed by:  ae
  Differential Revision:        https://reviews.freebsd.org/D24978

Modified:
  head/sys/netinet/in_gif.c
  head/sys/netinet6/in6_gif.c

Modified: head/sys/netinet/in_gif.c
==============================================================================
--- head/sys/netinet/in_gif.c   Thu May 28 07:23:27 2020        (r361571)
+++ head/sys/netinet/in_gif.c   Thu May 28 07:26:18 2020        (r361572)
@@ -379,13 +379,8 @@ done:
                return (0);
        /* ingress filters on outer source */
        if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) {
-               struct nhop4_basic nh4;
-               struct in_addr dst;
-
-               dst = ip->ip_src;
-               if (fib4_lookup_nh_basic(sc->gif_fibnum, dst, 0, 0, &nh4) != 0)
-                       return (0);
-               if (nh4.nh_ifp != m->m_pkthdr.rcvif)
+               if (fib4_check_urpf(sc->gif_fibnum, ip->ip_src, 0, NHR_NONE,
+                                       m->m_pkthdr.rcvif) == 0)
                        return (0);
        }
        *arg = sc;
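Review bot: The ingress filter in this hunk now depends on how `fib4_check_urpf()` treats its last argument, and nothing visible here shows that `m->m_pkthdr.rcvif` is guaranteed non-NULL at this point. The removed code compared `nh4.nh_ifp` with `rcvif` directly, so a NULL `rcvif` could never match; if the new KPI treats a NULL interface as a loose check where any route to the source passes (that is how I recall it, worth confirming against the KPI), the anti-spoofing filter would silently weaken from strict to loose. I would either assert the assumption with `MPASS(m->m_pkthdr.rcvif != NULL);` before the call, or at least extend the comment to `/* ingress filters on outer source: strict uRPF, route to ip_src must point back at rcvif */` so the inverted return-value sense (`== 0` now means reject) is obvious. The same applies to the `fib6_check_urpf()` call in the in6_gif.c hunk. The enclosing function starts and ends outside the hunk.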

Modified: head/sys/netinet6/in6_gif.c
==============================================================================
--- head/sys/netinet6/in6_gif.c Thu May 28 07:23:27 2020        (r361571)
+++ head/sys/netinet6/in6_gif.c Thu May 28 07:26:18 2020        (r361572)
@@ -402,13 +402,9 @@ done:
                return (0);
        /* ingress filters on outer source */
        if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) {
-               struct nhop6_basic nh6;
-
-               if (fib6_lookup_nh_basic(sc->gif_fibnum, &ip6->ip6_src,
-                   ntohs(in6_getscope(&ip6->ip6_src)), 0, 0, &nh6) != 0)
-                       return (0);
-
-               if (nh6.nh_ifp != m->m_pkthdr.rcvif)
+               if (fib6_check_urpf(sc->gif_fibnum, &ip6->ip6_src,
+                   ntohs(in6_getscope(&ip6->ip6_src)), NHR_NONE,
+                   m->m_pkthdr.rcvif) == 0)
                        return (0);
        }
        *arg = sc;