[Differential] D9451: Constrain IPv6 interface routes to each FIB
asomers (Alan Somers)
phabric-noreply at FreeBSD.org
Thu Mar 9 18:14:28 UTC 2017
asomers accepted this revision.
asomers added inline comments.
This revision has a positive review.
INLINE COMMENTS
> jhujhiti_adjectivism.org wrote in nd6_nbr.c:265
> I think this is the only thing left to consider for this patch, but it seems to me that using the receiving interface's FIB is the most correct thing to do here. Checking other FIBs seems incorrect since that would cause the proxy to "leak" across FIB boundaries.
At this point, `dst6` is the destination address of the received ns packet. ns packets are sent either to unicast or multicast addresses. In the former case, we should never receive a ns packet except to an address we already use, and it should only arrive at the interface that's using that address (unless your interface fib is different than fib the address was configured with, but I would call that a configuration error). If it's a multicast packet, the same logic applies, except that there's a small chance for us to receive a multicast ns packet for an address that's not ours. But even in that case, the packet should arrive at the interface that's a member of that multicast group, unless the group's unicast address is configured for a different fib than the interface. In summary, I think it's ok to use the receiving interface's fib here.
REPOSITORY
rS FreeBSD src repository
REVISION DETAIL
https://reviews.freebsd.org/D9451
EMAIL PREFERENCES
https://reviews.freebsd.org/settings/panel/emailpreferences/
To: jhujhiti_adjectivism.org, #network, bz, asomers
Cc: jch, bz, imp, ae, freebsd-net-list
More information about the freebsd-net
mailing list