[Differential] D9451: Constrain IPv6 interface routes to each FIB
jhujhiti_adjectivism.org (Erick Turnquist)
phabric-noreply at FreeBSD.org
Wed Mar 8 01:41:51 UTC 2017
jhujhiti_adjectivism.org marked 6 inline comments as done.
jhujhiti_adjectivism.org added inline comments.
INLINE COMMENTS
> asomers wrote in icmp6.c:2147
> No. According to the comment at the bottom of icmp6_error, it isn't, because icmp6_reflect can sometimes be called from the output path. In that case, there wouldn't be a receiving interface. However, `M_GETFIB(m)` will definitely return _a_ fib. It will either have the fib of the receiving interface if this is on the receive path, or the fib of the socket if this is on the output path. Socket fibs default to the process fib, which cannot be `RT_ALL_FIBS`, but they can also be set by `setsockopt(..., SO_SETFIB, ...)`, which also doesn't allow `RT_ALL_FIBS`. So I think your code is ok here.
Ah yes, that's how I should have phrased it - valid FIB even if called in the output path.
> asomers wrote in nd6_nbr.c:265
> As with `nd6_is_new_addr_neighbor`, we should get @bz's review here.
I think this is the only thing left to consider for this patch, but it seems to me that using the receiving interface's FIB is the most correct thing to do here. Checking other FIBs seems incorrect since that would cause the proxy to "leak" across FIB boundaries.
REPOSITORY
rS FreeBSD src repository
REVISION DETAIL
https://reviews.freebsd.org/D9451
EMAIL PREFERENCES
https://reviews.freebsd.org/settings/panel/emailpreferences/
To: jhujhiti_adjectivism.org, #network, bz, asomers
Cc: jch, bz, imp, ae, freebsd-net-list
More information about the freebsd-net
mailing list