Created attachment 224415 [details] Patch for ip_input.c The current implement of ip_input() reject packets destined for 169.254.0.0/16, but not those original from 169.254.0.0/16 link-local addresses. Initial commit https://cgit.freebsd.org/src/commit/sys/netinet/ip_input.c?id=f8429ca2e1fa36f5c35a764438475415272eff2e . See RFC 3927 section 2.7.
https://reviews.freebsd.org/D29968
^Triage: assign to mailing list. Note that original committer is no longer working on FreeBSD.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3d846e48227e2e78c1e7b35145f57353ffda56ba commit 3d846e48227e2e78c1e7b35145f57353ffda56ba Author: Zhenlei Huang <zlei.huang@gmail.com> AuthorDate: 2021-05-18 20:51:37 +0000 Commit: Lutz Donnerhacke <donner@FreeBSD.org> CommitDate: 2021-05-18 20:59:46 +0000 Do not forward datagrams originated by link-local addresses The current implement of ip_input() reject packets destined for 169.254.0.0/16, but not those original from 169.254.0.0/16 link-local addresses. Fix to fully respect RFC 3927 section 2.7. PR: 255388 Reviewed by: donner, rgrimes, karels MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D29968 sys/netinet/ip_input.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=03b0505b8fe848f33f2f38fe89dd5538908c847e commit 03b0505b8fe848f33f2f38fe89dd5538908c847e Author: Zhenlei Huang <zlei.huang@gmail.com> AuthorDate: 2021-05-22 21:53:52 +0000 Commit: Lutz Donnerhacke <donner@FreeBSD.org> CommitDate: 2021-05-22 22:01:37 +0000 ip_forward: Restore RFC reference Add RFC reference lost in 3d846e48227e2e78c1e7b35145f57353ffda56ba PR: 255388 Reviewed By: rgrimes, donner, karels, marcus, emaste MFC after: 27 days Differential Revision: https://reviews.freebsd.org/D30374 sys/netinet/ip_input.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=7da8312f7bf050be4fe436ea66ac46414312ae26 commit 7da8312f7bf050be4fe436ea66ac46414312ae26 Author: Zhenlei Huang <zlei.huang@gmail.com> AuthorDate: 2021-05-18 20:51:37 +0000 Commit: Lutz Donnerhacke <donner@FreeBSD.org> CommitDate: 2021-06-17 08:08:59 +0000 Do not forward datagrams originated by link-local addresses The current implement of ip_input() reject packets destined for 169.254.0.0/16, but not those original from 169.254.0.0/16 link-local addresses. Fix to fully respect RFC 3927 section 2.7. PR: 255388 Reviewed by: donner, rgrimes, karels Differential Revision: https://reviews.freebsd.org/D29968 Reviewed by: rgrimes, donner, karels, marcus, emaste Differential Revision: https://reviews.freebsd.org/D30374 (cherry picked from commit 3d846e48227e2e78c1e7b35145f57353ffda56ba) (cherry picked from commit 03b0505b8fe848f33f2f38fe89dd5538908c847e) sys/netinet/ip_input.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-)
A commit in branch stable/12 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=c0a91473f5be9f0660d1e043b1f08f7d50e815ad commit c0a91473f5be9f0660d1e043b1f08f7d50e815ad Author: Zhenlei Huang <zlei.huang@gmail.com> AuthorDate: 2021-05-18 20:51:37 +0000 Commit: Lutz Donnerhacke <donner@FreeBSD.org> CommitDate: 2021-06-17 08:18:46 +0000 Do not forward datagrams originated by link-local addresses The current implement of ip_input() reject packets destined for 169.254.0.0/16, but not those original from 169.254.0.0/16 link-local addresses. Fix to fully respect RFC 3927 section 2.7. PR: 255388 Reviewed by: donner, rgrimes, karels Differential Revision: https://reviews.freebsd.org/D29968 Reviewed by: rgrimes, donner, karels, marcus, emaste Differential Revision: https://reviews.freebsd.org/D30374 (cherry picked from commit 3d846e48227e2e78c1e7b35145f57353ffda56ba) (cherry picked from commit 03b0505b8fe848f33f2f38fe89dd5538908c847e) sys/netinet/ip_input.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-)
A commit in branch stable/11 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=9d30353cb49467ba2b672673a5765588c4e857ec commit 9d30353cb49467ba2b672673a5765588c4e857ec Author: Zhenlei Huang <zlei.huang@gmail.com> AuthorDate: 2021-05-18 20:51:37 +0000 Commit: Lutz Donnerhacke <donner@FreeBSD.org> CommitDate: 2021-06-17 08:21:00 +0000 Do not forward datagrams originated by link-local addresses The current implement of ip_input() reject packets destined for 169.254.0.0/16, but not those original from 169.254.0.0/16 link-local addresses. Fix to fully respect RFC 3927 section 2.7. PR: 255388 Reviewed by: donner, rgrimes, karels Differential Revision: https://reviews.freebsd.org/D29968 Reviewed by: rgrimes, donner, karels, marcus, emaste Differential Revision: https://reviews.freebsd.org/D30374 (cherry picked from commit 3d846e48227e2e78c1e7b35145f57353ffda56ba) (cherry picked from commit 03b0505b8fe848f33f2f38fe89dd5538908c847e) sys/netinet/ip_input.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-)