Author: melifaro Date: Thu May 28 07:26:18 2020 New Revision: 361572 URL: https://svnweb.freebsd.org/changeset/base/361572
Log: Switch gif(4) path verification to fib[46]_check_urfp(). fibX_lookup_nh_ represents pre-epoch generation of fib api, providing less guarantees over pointer validness and requiring on-stack data copying. Use specialized fib[46]_check_urpf() from newer KPI instead, to allow removal of older KPI. Reviewed by: ae Differential Revision: https://reviews.freebsd.org/D24978 Modified: head/sys/netinet/in_gif.c head/sys/netinet6/in6_gif.c Modified: head/sys/netinet/in_gif.c ============================================================================== --- head/sys/netinet/in_gif.c Thu May 28 07:23:27 2020 (r361571) +++ head/sys/netinet/in_gif.c Thu May 28 07:26:18 2020 (r361572) @@ -379,13 +379,8 @@ done: return (0); /* ingress filters on outer source */ if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) { - struct nhop4_basic nh4; - struct in_addr dst; - - dst = ip->ip_src; - if (fib4_lookup_nh_basic(sc->gif_fibnum, dst, 0, 0, &nh4) != 0) - return (0); - if (nh4.nh_ifp != m->m_pkthdr.rcvif) + if (fib4_check_urpf(sc->gif_fibnum, ip->ip_src, 0, NHR_NONE, + m->m_pkthdr.rcvif) == 0) return (0); } *arg = sc; Modified: head/sys/netinet6/in6_gif.c ============================================================================== --- head/sys/netinet6/in6_gif.c Thu May 28 07:23:27 2020 (r361571) +++ head/sys/netinet6/in6_gif.c Thu May 28 07:26:18 2020 (r361572) @@ -402,13 +402,9 @@ done: return (0); /* ingress filters on outer source */ if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) { - struct nhop6_basic nh6; - - if (fib6_lookup_nh_basic(sc->gif_fibnum, &ip6->ip6_src, - ntohs(in6_getscope(&ip6->ip6_src)), 0, 0, &nh6) != 0) - return (0); - - if (nh6.nh_ifp != m->m_pkthdr.rcvif) + if (fib6_check_urpf(sc->gif_fibnum, &ip6->ip6_src, + ntohs(in6_getscope(&ip6->ip6_src)), NHR_NONE, + m->m_pkthdr.rcvif) == 0) return (0); } *arg = sc; _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"