[Bug 277349] The net.inet.ip.source_address_validation should ignore CARP IP in backup state
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 19 Mar 2024 18:58:12 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277349
--- Comment #7 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:
URL:
https://cgit.FreeBSD.org/src/commit/?id=56f7860087eec14b4a65310b70bd704e79e1b48c
commit 56f7860087eec14b4a65310b70bd704e79e1b48c
Author: Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2024-03-19 18:48:59 +0000
Commit: Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2024-03-19 18:48:59 +0000
carp: check CARP status in in_localip_fib(), in6_localip_fib()
Don't report a BACKUP CARP address as local. These two functions are used
only by source address validation for input packets, controlled by sysctls
net.inet.ip.source_address_validation and
net.inet6.ip6.source_address_validation. For this purpose we definitely
want to treat BACKUP addresses as non local.
This change is conservative and doesn't modify compat in_localip() and
in6_localip(). They are used more widely than the FIB-aware versions.
The change would modify the notion of ipfw(4) 'me' keyword. There might
be other consequences as in_localip() is used by various tunneling
protocols.
PR: 277349
sys/netinet/in.c | 4 +++-
sys/netinet6/in6.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
--
You are receiving this mail because:
You are the assignee for the bug.