Module Name: src
Committed By: knakahara
Date: Wed Jan 10 11:13:26 UTC 2018
Modified Files:
src/sys/netinet: in_gif.c
src/sys/netinet6: in6_gif.c
Log Message:
apply in{,6}_tunnel_validate() to gif(4).
To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 src/sys/netinet/in_gif.c
cvs rdiff -u -r1.89 -r1.90 src/sys/netinet6/in6_gif.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/in_gif.c
diff -u src/sys/netinet/in_gif.c:1.91 src/sys/netinet/in_gif.c:1.92
--- src/sys/netinet/in_gif.c:1.91 Mon Nov 27 05:05:51 2017
+++ src/sys/netinet/in_gif.c Wed Jan 10 11:13:26 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: in_gif.c,v 1.91 2017/11/27 05:05:51 knakahara Exp $ */
+/* $NetBSD: in_gif.c,v 1.92 2018/01/10 11:13:26 knakahara Exp $ */
/* $KAME: in_gif.c,v 1.66 2001/07/29 04:46:09 itojun Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_gif.c,v 1.91 2017/11/27 05:05:51 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_gif.c,v 1.92 2018/01/10 11:13:26 knakahara Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -303,36 +303,15 @@ static int
gif_validate4(const struct ip *ip, struct gif_variant *var, struct ifnet *ifp)
{
struct sockaddr_in *src, *dst;
- struct in_ifaddr *ia4;
- int s;
+ int ret;
src = satosin(var->gv_psrc);
dst = satosin(var->gv_pdst);
- /* check for address match */
- if (src->sin_addr.s_addr != ip->ip_dst.s_addr ||
- dst->sin_addr.s_addr != ip->ip_src.s_addr)
+ ret = in_tunnel_validate(ip, src->sin_addr, dst->sin_addr);
+ if (ret == 0)
return 0;
- /* martian filters on outer source - NOT done in ip_input! */
- if (IN_MULTICAST(ip->ip_src.s_addr))
- return 0;
- switch ((ntohl(ip->ip_src.s_addr) & 0xff000000) >> 24) {
- case 0: case 127: case 255:
- return 0;
- }
- /* reject packets with broadcast on source */
- s = pserialize_read_enter();
- IN_ADDRLIST_READER_FOREACH(ia4) {
- if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0)
- continue;
- if (ip->ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr) {
- pserialize_read_exit(s);
- return 0;
- }
- }
- pserialize_read_exit(s);
-
/* ingress filters on outer source */
if ((var->gv_softc->gif_if.if_flags & IFF_LINK2) == 0 && ifp) {
union {
@@ -357,7 +336,7 @@ gif_validate4(const struct ip *ip, struc
rt_unref(rt);
}
- return 32 * 2;
+ return ret;
}
#ifdef GIF_ENCAPCHECK
Index: src/sys/netinet6/in6_gif.c
diff -u src/sys/netinet6/in6_gif.c:1.89 src/sys/netinet6/in6_gif.c:1.90
--- src/sys/netinet6/in6_gif.c:1.89 Mon Nov 27 05:05:51 2017
+++ src/sys/netinet6/in6_gif.c Wed Jan 10 11:13:26 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: in6_gif.c,v 1.89 2017/11/27 05:05:51 knakahara Exp $ */
+/* $NetBSD: in6_gif.c,v 1.90 2018/01/10 11:13:26 knakahara Exp $ */
/* $KAME: in6_gif.c,v 1.62 2001/07/29 04:27:25 itojun Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_gif.c,v 1.89 2017/11/27 05:05:51 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_gif.c,v 1.90 2018/01/10 11:13:26 knakahara Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -322,17 +322,15 @@ gif_validate6(const struct ip6_hdr *ip6,
struct ifnet *ifp)
{
const struct sockaddr_in6 *src, *dst;
+ int ret;
src = satosin6(var->gv_psrc);
dst = satosin6(var->gv_pdst);
- /* check for address match */
- if (!IN6_ARE_ADDR_EQUAL(&src->sin6_addr, &ip6->ip6_dst) ||
- !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_src))
+ ret = in6_tunnel_validate(ip6, &src->sin6_addr, &dst->sin6_addr);
+ if (ret == 0)
return 0;
- /* martian filters on outer source - done in ip6_input */
-
/* ingress filters on outer source */
if ((var->gv_softc->gif_if.if_flags & IFF_LINK2) == 0 && ifp) {
union {
@@ -359,7 +357,7 @@ gif_validate6(const struct ip6_hdr *ip6,
rt_unref(rt);
}
- return 128 * 2;
+ return ret;
}
#ifdef GIF_ENCAPCHECK
