Bug 255388

Summary: netinet/ip_input.c: Do not forward datagrams original from 169.254.0.0/16
Product: Base System Reporter: Zhenlei Huang <zlei>
Component: kernAssignee: freebsd-net (Nobody) <net>
Status: Closed FIXED    
Severity: Affects Some People CC: donner, rgrimes
Priority: --- Flags: donner: mfc-stable13+
donner: mfc-stable12+
donner: mfc-stable11+
Version: CURRENT   
Hardware: Any   
OS: Any   
URL: https://reviews.freebsd.org/D29968
Attachments:
Description Flags
Patch for ip_input.c none

Description Zhenlei Huang freebsd_committer freebsd_triage 2021-04-25 09:20:59 UTC 
Created attachment 224415 [details]
Patch for ip_input.c

The current implement of ip_input() reject packets destined for 169.254.0.0/16, but not those original from 169.254.0.0/16 link-local addresses.

Initial commit https://cgit.freebsd.org/src/commit/sys/netinet/ip_input.c?id=f8429ca2e1fa36f5c35a764438475415272eff2e .

See RFC 3927 section 2.7.
Comment 1 Zhenlei Huang freebsd_committer freebsd_triage 2021-04-25 09:43:52 UTC 
https://reviews.freebsd.org/D29968
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2021-04-25 18:27:58 UTC 
^Triage: assign to mailing list.  Note that original committer is no longer working on FreeBSD.
Comment 3 commit-hook freebsd_committer freebsd_triage 2021-05-18 21:02:07 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=3d846e48227e2e78c1e7b35145f57353ffda56ba

commit 3d846e48227e2e78c1e7b35145f57353ffda56ba
Author:     Zhenlei Huang <zlei.huang@gmail.com>
AuthorDate: 2021-05-18 20:51:37 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-18 20:59:46 +0000

    Do not forward datagrams originated by link-local addresses

    The current implement of ip_input() reject packets destined for
    169.254.0.0/16, but not those original from 169.254.0.0/16 link-local
    addresses.

    Fix to fully respect RFC 3927 section 2.7.

    PR:             255388
    Reviewed by:    donner, rgrimes, karels
    MFC after:      1 month
    Differential Revision:  https://reviews.freebsd.org/D29968

 sys/netinet/ip_input.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2021-05-22 22:03:21 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=03b0505b8fe848f33f2f38fe89dd5538908c847e

commit 03b0505b8fe848f33f2f38fe89dd5538908c847e
Author:     Zhenlei Huang <zlei.huang@gmail.com>
AuthorDate: 2021-05-22 21:53:52 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-22 22:01:37 +0000

    ip_forward: Restore RFC reference

    Add RFC reference lost in 3d846e48227e2e78c1e7b35145f57353ffda56ba

    PR:             255388
    Reviewed By:    rgrimes, donner, karels, marcus, emaste
    MFC after:      27 days
    Differential Revision: https://reviews.freebsd.org/D30374

 sys/netinet/ip_input.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2021-06-17 08:16:42 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=7da8312f7bf050be4fe436ea66ac46414312ae26

commit 7da8312f7bf050be4fe436ea66ac46414312ae26
Author:     Zhenlei Huang <zlei.huang@gmail.com>
AuthorDate: 2021-05-18 20:51:37 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-06-17 08:08:59 +0000

    Do not forward datagrams originated by link-local addresses

    The current implement of ip_input() reject packets destined for
    169.254.0.0/16, but not those original from 169.254.0.0/16 link-local
    addresses.

    Fix to fully respect RFC 3927 section 2.7.

    PR:             255388
    Reviewed by:    donner, rgrimes, karels
    Differential Revision:  https://reviews.freebsd.org/D29968
    Reviewed by:    rgrimes, donner, karels, marcus, emaste
    Differential Revision: https://reviews.freebsd.org/D30374

    (cherry picked from commit 3d846e48227e2e78c1e7b35145f57353ffda56ba)
    (cherry picked from commit 03b0505b8fe848f33f2f38fe89dd5538908c847e)

 sys/netinet/ip_input.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
Comment 6 commit-hook freebsd_committer freebsd_triage 2021-06-17 08:19:44 UTC 
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=c0a91473f5be9f0660d1e043b1f08f7d50e815ad

commit c0a91473f5be9f0660d1e043b1f08f7d50e815ad
Author:     Zhenlei Huang <zlei.huang@gmail.com>
AuthorDate: 2021-05-18 20:51:37 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-06-17 08:18:46 +0000

    Do not forward datagrams originated by link-local addresses

    The current implement of ip_input() reject packets destined for
    169.254.0.0/16, but not those original from 169.254.0.0/16 link-local
    addresses.

    Fix to fully respect RFC 3927 section 2.7.

    PR:             255388
    Reviewed by:    donner, rgrimes, karels
    Differential Revision:  https://reviews.freebsd.org/D29968
    Reviewed by:    rgrimes, donner, karels, marcus, emaste
    Differential Revision: https://reviews.freebsd.org/D30374

    (cherry picked from commit 3d846e48227e2e78c1e7b35145f57353ffda56ba)
    (cherry picked from commit 03b0505b8fe848f33f2f38fe89dd5538908c847e)

 sys/netinet/ip_input.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2021-06-17 08:22:45 UTC 
A commit in branch stable/11 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=9d30353cb49467ba2b672673a5765588c4e857ec

commit 9d30353cb49467ba2b672673a5765588c4e857ec
Author:     Zhenlei Huang <zlei.huang@gmail.com>
AuthorDate: 2021-05-18 20:51:37 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-06-17 08:21:00 +0000

    Do not forward datagrams originated by link-local addresses

    The current implement of ip_input() reject packets destined for
    169.254.0.0/16, but not those original from 169.254.0.0/16 link-local
    addresses.

    Fix to fully respect RFC 3927 section 2.7.

    PR:             255388
    Reviewed by:    donner, rgrimes, karels
    Differential Revision:  https://reviews.freebsd.org/D29968
    Reviewed by:    rgrimes, donner, karels, marcus, emaste
    Differential Revision: https://reviews.freebsd.org/D30374

    (cherry picked from commit 3d846e48227e2e78c1e7b35145f57353ffda56ba)
    (cherry picked from commit 03b0505b8fe848f33f2f38fe89dd5538908c847e)

 sys/netinet/ip_input.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)