svn commit: r364982 - head/sys/netinet6
Kyle Evans
kevans at freebsd.org
Mon Aug 31 16:06:23 UTC 2020
On Sun, Aug 30, 2020 at 8:45 PM Kyle Evans <kevans at freebsd.org> wrote:
>
> Author: kevans
> Date: Mon Aug 31 01:45:48 2020
> New Revision: 364982
> URL: https://svnweb.freebsd.org/changeset/base/364982
>
> Log:
> ipv6: quit dropping packets looping back on p2p interfaces
>
> To paraphrase the below-referenced PR:
>
> This logic originated in the KAME project, and was even controversial when
> it was enabled there by default in 2001. No such equivalent logic exists in
> the IPv4 stack, and it turns out that this leads to us dropping valid
> traffic when the "point to point" interface is actually a 1:many tun
> interface, e.g. with the wireguard userland stack.
>
> Even in the case of true point-to-point links, this logic only avoids
> transient looping of packets sent by misconfigured applications or
> attackers, which can be subverted by proper route configuration rather than
> hardcoded logic in the kernel to drop packets.
>
> In the review, melifaro goes on to note that the kernel can't fix it, so it
> perhaps shouldn't try to be 'smart' about it. Additionally, that TTL will
> still kick in even with incorrect route configuration.
>
> PR: 247718
> Reviewed by: melifaro, rgrimes
> MFC after: 1 week
> Differential Revision: https://reviews.freebsd.org/D25567
>
I should note that this was:
Submitted by: Mira Ressel <aranea at aixah.de>
It was then put into review form by Lutz Donnerhacke to help guide the
patch into the correct hands.
Apologies for the omission-
Kyle Evans