Module Name: src Committed By: roy Date: Fri Nov 24 14:03:25 UTC 2017
Modified Files: src/sys/netinet: ip_input.c src/sys/netinet6: in6_src.c ip6_input.c ip6_output.c Log Message: Allow local communication over DETACHED addresses. Allow binding to DETACHED or TENTATIVE addresses as we deny sending upstream from them anyway. Prefer non DETACHED or TENTATIVE addresses. To generate a diff of this commit: cvs rdiff -u -r1.362 -r1.363 src/sys/netinet/ip_input.c cvs rdiff -u -r1.82 -r1.83 src/sys/netinet6/in6_src.c cvs rdiff -u -r1.183 -r1.184 src/sys/netinet6/ip6_input.c cvs rdiff -u -r1.193 -r1.194 src/sys/netinet6/ip6_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.362 src/sys/netinet/ip_input.c:1.363 --- src/sys/netinet/ip_input.c:1.362 Fri Nov 17 07:37:12 2017 +++ src/sys/netinet/ip_input.c Fri Nov 24 14:03:25 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.362 2017/11/17 07:37:12 ozaki-r Exp $ */ +/* $NetBSD: ip_input.c,v 1.363 2017/11/24 14:03:25 roy Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.362 2017/11/17 07:37:12 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.363 2017/11/24 14:03:25 roy Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -371,11 +371,14 @@ ip_match_our_address(struct ifnet *ifp, continue; if (checkif && ia->ia_ifp != ifp) continue; - if ((ia->ia_ifp->if_flags & IFF_UP) != 0 && - (ia->ia4_flags & IN_IFF_DETACHED) == 0) - break; - else + if ((ia->ia_ifp->if_flags & IFF_UP) == 0) { (*downmatch)++; + continue; + } + if (ia->ia4_flags & IN_IFF_DETACHED && + (ifp->if_flags & IFF_LOOPBACK) == 0) + continue; + break; } } @@ -392,7 +395,10 @@ ip_match_our_address_broadcast(struct if if (ifa->ifa_addr->sa_family != AF_INET) continue; ia = ifatoia(ifa); - if (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED)) + if (ia->ia4_flags & IN_IFF_NOTREADY) + continue; + if (ia->ia4_flags & IN_IFF_DETACHED && + (ifp->if_flags & IFF_LOOPBACK) == 0) continue; if (in_hosteq(ip->ip_dst, ia->ia_broadaddr.sin_addr) || in_hosteq(ip->ip_dst, ia->ia_netbroadcast) || Index: src/sys/netinet6/in6_src.c diff -u src/sys/netinet6/in6_src.c:1.82 src/sys/netinet6/in6_src.c:1.83 --- src/sys/netinet6/in6_src.c:1.82 Mon Nov 20 09:01:20 2017 +++ src/sys/netinet6/in6_src.c Fri Nov 24 14:03:25 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: in6_src.c,v 1.82 2017/11/20 09:01:20 ozaki-r Exp $ */ +/* $NetBSD: in6_src.c,v 1.83 2017/11/24 14:03:25 roy Exp $ */ /* $KAME: in6_src.c,v 1.159 2005/10/19 01:40:32 t-momose Exp $ */ /* @@ -66,7 +66,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: in6_src.c,v 1.82 2017/11/20 09:01:20 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6_src.c,v 1.83 2017/11/24 14:03:25 roy Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -217,10 +217,14 @@ in6_select_best_ia(struct sockaddr_in6 * } /* avoid unusable addresses */ - if ((ia->ia6_flags & - (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) { - continue; - } + if ((ia->ia6_flags & (IN6_IFF_DUPLICATED | IN6_IFF_ANYCAST))) + continue; + /* Prefer validated addresses */ + if (!(ia->ia6_flags & (IN6_IFF_TENTATIVE | IN6_IFF_DETACHED)) && + ia_best != NULL && + ia_best->ia6_flags & (IN6_IFF_TENTATIVE | IN6_IFF_DETACHED)) + REPLACE(0); + if (!ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) continue; @@ -238,7 +242,7 @@ in6_select_best_ia(struct sockaddr_in6 * } if (ia_best == NULL) - REPLACE(0); + REPLACE(1); /* Rule 2: Prefer appropriate scope */ if (dst_scope < 0) Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.183 src/sys/netinet6/ip6_input.c:1.184 --- src/sys/netinet6/ip6_input.c:1.183 Fri Nov 17 07:37:12 2017 +++ src/sys/netinet6/ip6_input.c Fri Nov 24 14:03:25 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.183 2017/11/17 07:37:12 ozaki-r Exp $ */ +/* $NetBSD: ip6_input.c,v 1.184 2017/11/24 14:03:25 roy Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.183 2017/11/17 07:37:12 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.184 2017/11/24 14:03:25 roy Exp $"); #ifdef _KERNEL_OPT #include "opt_gateway.h" @@ -501,13 +501,33 @@ ip6_input(struct mbuf *m, struct ifnet * #endif rt->rt_ifp->if_type == IFT_LOOP) { struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; + int addrok; + if (ia6->ia6_flags & IN6_IFF_ANYCAST) m->m_flags |= M_ANYCAST6; /* * packets to a tentative, duplicated, or somehow invalid * address must not be accepted. */ - if (!(ia6->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_DETACHED))) { + if (ia6->ia6_flags & IN6_IFF_NOTREADY) + addrok = 0; + else if (ia6->ia6_flags & IN6_IFF_DETACHED && + !IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) + { + /* Allow internal traffic to DETACHED addresses */ + struct sockaddr_in6 sin6; + int s; + + memset(&sin6, 0, sizeof(sin6)); + sin6.sin6_family = AF_INET6; + sin6.sin6_len = sizeof(sin6); + sin6.sin6_addr = ip6->ip6_src; + s = pserialize_read_enter(); + addrok = (ifa_ifwithaddr(sin6tosa(&sin6)) != NULL); + pserialize_read_exit(s); + } else + addrok = 0; + if (addrok) { /* this address is ready */ ours = 1; deliverifp = ia6->ia_ifp; /* correct? */ Index: src/sys/netinet6/ip6_output.c diff -u src/sys/netinet6/ip6_output.c:1.193 src/sys/netinet6/ip6_output.c:1.194 --- src/sys/netinet6/ip6_output.c:1.193 Wed Aug 2 01:28:03 2017 +++ src/sys/netinet6/ip6_output.c Fri Nov 24 14:03:25 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.193 2017/08/02 01:28:03 ozaki-r Exp $ */ +/* $NetBSD: ip6_output.c,v 1.194 2017/11/24 14:03:25 roy Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.193 2017/08/02 01:28:03 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.194 2017/11/24 14:03:25 roy Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -134,7 +134,7 @@ static int ip6_insert_jumboopt(struct ip static int ip6_splithdr(struct mbuf *, struct ip6_exthdrs *); static int ip6_getpmtu(struct rtentry *, struct ifnet *, u_long *, int *); static int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, int); -static int ip6_ifaddrvalid(const struct in6_addr *); +static int ip6_ifaddrvalid(const struct in6_addr *, const struct in6_addr *); static int ip6_handle_rthdr(struct ip6_rthdr *, struct ip6_hdr *); #ifdef RFC2292 @@ -605,7 +605,9 @@ ip6_output( /* scope check is done. */ /* Ensure we only send from a valid address. */ - if ((error = ip6_ifaddrvalid(&src0)) != 0) { + if ((ifp->if_flags & IFF_LOOPBACK) == 0 && + (error = ip6_ifaddrvalid(&src0, &dst0)) != 0) + { char ip6buf[INET6_ADDRSTRLEN]; nd6log(LOG_ERR, "refusing to send from invalid address %s (pid %d)\n", @@ -3363,27 +3365,31 @@ ip6_optlen(struct in6pcb *in6p) * if the packet could be dropped without error (protocol dependent). */ static int -ip6_ifaddrvalid(const struct in6_addr *addr) +ip6_ifaddrvalid(const struct in6_addr *src, const struct in6_addr *dst) { struct sockaddr_in6 sin6; int s, error; struct ifaddr *ifa; struct in6_ifaddr *ia6; - if (IN6_IS_ADDR_UNSPECIFIED(addr)) + if (IN6_IS_ADDR_UNSPECIFIED(src)) return 0; memset(&sin6, 0, sizeof(sin6)); sin6.sin6_family = AF_INET6; sin6.sin6_len = sizeof(sin6); - sin6.sin6_addr = *addr; + sin6.sin6_addr = *src; s = pserialize_read_enter(); ifa = ifa_ifwithaddr(sin6tosa(&sin6)); if ((ia6 = ifatoia6(ifa)) == NULL || ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_DUPLICATED)) error = -1; - else if (ia6->ia6_flags & (IN6_IFF_TENTATIVE | IN6_IFF_DETACHED)) + else if (ia6->ia6_flags & IN6_IFF_TENTATIVE) + error = 1; + else if (ia6->ia6_flags & IN6_IFF_DETACHED && + ifa_ifwithaddr(sin6tosa(&dst)) == NULL) + /* Allow internal traffic to DETACHED addresses */ error = 1; else error = 0;