git: c53a68283300 - stable/14 - tcp: fix local blackholing
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 04 Sep 2025 20:03:23 UTC
The branch stable/14 has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=c53a6828330043d9ca2e2b56315cee4accd11f30
commit c53a6828330043d9ca2e2b56315cee4accd11f30
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2025-06-13 20:53:42 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2025-09-04 20:03:01 +0000
tcp: fix local blackholing
The sysctl-variable net.inet.tcp.blackhole_local should affect
TCP segments from an IPv6 address of the local host, not of a host
on the local area network.
Thanks to cc@ for pointing me to the issue.
Reviewed by: cc
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D50828
(cherry picked from commit de8fb1b3835758998a53d772deeebcdb71bbb823)
---
sys/netinet/tcp_input.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index b4c77c303df7..fb0c110d460d 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1411,7 +1411,7 @@ dropwithreset:
((V_blackhole == 1 && (thflags & TH_SYN)) || V_blackhole > 1))) &&
(V_blackhole_local || (
#ifdef INET6
- isipv6 ? !in6_localaddr(&ip6->ip6_src) :
+ isipv6 ? !in6_localip(&ip6->ip6_src) :
#endif
#ifdef INET
!in_localip(ip->ip_src)