On Sun, Aug 30, 2020 at 8:45 PM Kyle Evans <[email protected]> wrote:
>
> Author: kevans
> Date: Mon Aug 31 01:45:48 2020
> New Revision: 364982
> URL: https://svnweb.freebsd.org/changeset/base/364982
>
> Log:
> ipv6: quit dropping packets looping back on p2p interfaces
>
> To paraphrase the below-referenced PR:
>
> This logic originated in the KAME project, and was even controversial when
> it was enabled there by default in 2001. No such equivalent logic exists in
> the IPv4 stack, and it turns out that this leads to us dropping valid
> traffic when the "point to point" interface is actually a 1:many tun
> interface, e.g. with the wireguard userland stack.
>
> Even in the case of true point-to-point links, this logic only avoids
> transient looping of packets sent by misconfigured applications or
> attackers, which can be subverted by proper route configuration rather than
> hardcoded logic in the kernel to drop packets.
>
> In the review, melifaro goes on to note that the kernel can't fix it, so it
> perhaps shouldn't try to be 'smart' about it. Additionally, that TTL will
> still kick in even with incorrect route configuration.
>
> PR: 247718
> Reviewed by: melifaro, rgrimes
> MFC after: 1 week
> Differential Revision: https://reviews.freebsd.org/D25567
>

I should note that this was:

Submitted by: Mira Ressel <[email protected]>

It was then put into review form by Lutz Donnerhacke to help guide the
patch into the correct hands.

Apologies for the omission-

Kyle Evans
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"
