diff options
author | Alexander V. Chernikov <melifaro@FreeBSD.org> | 2020-05-28 07:26:18 +0000 |
---|---|---|
committer | Alexander V. Chernikov <melifaro@FreeBSD.org> | 2020-05-28 07:26:18 +0000 |
commit | 7bfc98af12d6155e2efca171cffe6c441ca6b6e1 (patch) | |
tree | 19a1f76a924519f59851a6998df474e19138fb03 /sys/netinet6 | |
parent | cb86ca48bf17a5df5dccbc9eb0fe0d6c2b86fbb0 (diff) | |
download | src-7bfc98af12d6155e2efca171cffe6c441ca6b6e1.tar.gz src-7bfc98af12d6155e2efca171cffe6c441ca6b6e1.zip |
Switch gif(4) path verification to fib[46]_check_urfp().
fibX_lookup_nh_ represents pre-epoch generation of fib api,
providing less guarantees over pointer validness and requiring
on-stack data copying.
Use specialized fib[46]_check_urpf() from newer KPI instead,
to allow removal of older KPI.
Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D24978
Notes
Notes:
svn path=/head/; revision=361572
Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/in6_gif.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/sys/netinet6/in6_gif.c b/sys/netinet6/in6_gif.c index 4bd2dc9d594b..33cc06d065b8 100644 --- a/sys/netinet6/in6_gif.c +++ b/sys/netinet6/in6_gif.c @@ -402,13 +402,9 @@ done: return (0); /* ingress filters on outer source */ if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) { - struct nhop6_basic nh6; - - if (fib6_lookup_nh_basic(sc->gif_fibnum, &ip6->ip6_src, - ntohs(in6_getscope(&ip6->ip6_src)), 0, 0, &nh6) != 0) - return (0); - - if (nh6.nh_ifp != m->m_pkthdr.rcvif) + if (fib6_check_urpf(sc->gif_fibnum, &ip6->ip6_src, + ntohs(in6_getscope(&ip6->ip6_src)), NHR_NONE, + m->m_pkthdr.rcvif) == 0) return (0); } *arg = sc; |