svn commit: r361572 - in head/sys: netinet netinet6

Alexander V. Chernikov melifaro at FreeBSD.org
Thu May 28 07:26:19 UTC 2020 

Author: melifaro
Date: Thu May 28 07:26:18 2020
New Revision: 361572
URL: https://svnweb.freebsd.org/changeset/base/361572

Log:
  Switch gif(4) path verification to fib[46]_check_urfp().
  
  fibX_lookup_nh_ represents pre-epoch generation of fib api,
  providing less guarantees over pointer validness and requiring
  on-stack data copying.
  Use specialized fib[46]_check_urpf() from newer KPI instead,
  to allow removal of older KPI.
  
  Reviewed by:	ae
  Differential Revision:	https://reviews.freebsd.org/D24978

Modified:
  head/sys/netinet/in_gif.c
  head/sys/netinet6/in6_gif.c

Modified: head/sys/netinet/in_gif.c
==============================================================================
--- head/sys/netinet/in_gif.c	Thu May 28 07:23:27 2020	(r361571)
+++ head/sys/netinet/in_gif.c	Thu May 28 07:26:18 2020	(r361572)
@@ -379,13 +379,8 @@ done:
 		return (0);
 	/* ingress filters on outer source */
 	if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) {
-		struct nhop4_basic nh4;
-		struct in_addr dst;
-
-		dst = ip->ip_src;
-		if (fib4_lookup_nh_basic(sc->gif_fibnum, dst, 0, 0, &nh4) != 0)
-			return (0);
-		if (nh4.nh_ifp != m->m_pkthdr.rcvif)
+		if (fib4_check_urpf(sc->gif_fibnum, ip->ip_src, 0, NHR_NONE,
+					m->m_pkthdr.rcvif) == 0)
 			return (0);
 	}
 	*arg = sc;

Modified: head/sys/netinet6/in6_gif.c
==============================================================================
--- head/sys/netinet6/in6_gif.c	Thu May 28 07:23:27 2020	(r361571)
+++ head/sys/netinet6/in6_gif.c	Thu May 28 07:26:18 2020	(r361572)
@@ -402,13 +402,9 @@ done:
 		return (0);
 	/* ingress filters on outer source */
 	if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) {
-		struct nhop6_basic nh6;
-
-		if (fib6_lookup_nh_basic(sc->gif_fibnum, &ip6->ip6_src,
-		    ntohs(in6_getscope(&ip6->ip6_src)), 0, 0, &nh6) != 0)
-			return (0);
-
-		if (nh6.nh_ifp != m->m_pkthdr.rcvif)
+		if (fib6_check_urpf(sc->gif_fibnum, &ip6->ip6_src,
+		    ntohs(in6_getscope(&ip6->ip6_src)), NHR_NONE,
+		    m->m_pkthdr.rcvif) == 0)
 			return (0);
 	}
 	*arg = sc;

More information about the svn-src-all mailing list