
netinet6: honor blackhole/unreach routes in the non-fastforwarding code.

Description

netinet6: honor blackhole/unreach routes in the non-fastforwarding code.

Currently, under the conditions specified below, IPv6 ingress packet
processing can ignore the blackhole/reject flag on the prefix. The packet
will instead be looped locally till TTL expiration and a single ICMPv6
unreachable message will be sent to the source even in case of
RTF_BLACKHOLE.
The following conditions need to hold to make the scenario happen:

  • IPv6 forwarding is enabled
  • Packet is not fast-forwarded
  • Destination prefix has either RTF_BLACKHOLE or RTF_REJECT flag

Fix this behavior by checking for the blackhole/reject flags in
ip6_forward().

Reported by: Dmitriy Smirnov <fox@sage.su>
Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D38164
MFC after: 3 days
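
An added example, not part of the commit or the FreeBSD tree: a shell check that lists the IPv6 prefixes on a host matching two of the three conditions above (forwarding enabled, destination prefix flagged blackhole or reject). It assumes the `netstat -rn -f inet6` column layout on FreeBSD, where the flag letter `B` stands for RTF_BLACKHOLE and `R` for RTF_REJECT; the function names and the sample table are constructed for illustration, and whether a given packet is fast-forwarded cannot be read from the routing table.

```shell
#!/bin/sh
# Input format assumed: FreeBSD `netstat -rn -f inet6` rows of the form
# "Destination Gateway Flags Netif [Expire]". In the Flags column,
# B means RTF_BLACKHOLE and R means RTF_REJECT.

# affected_prefixes FORWARDING < netstat-output
# FORWARDING is the value of sysctl net.inet6.ip6.forwarding (0 or 1).
# Prints "<prefix> <kind>" for every blackhole/reject route.
affected_prefixes() {
    [ "$1" = "1" ] || return 0      # forwarding off: first condition fails
    awk '
        $1 == "Destination" { in_table = 1; next }   # skip up to header row
        in_table && NF >= 3 {
            kind = ""
            if (index($3, "B")) kind = "blackhole"
            if (index($3, "R")) kind = (kind == "" ? "reject" : (kind "+reject"))
            if (kind != "") print $1, kind
        }'
}

# Constructed sample routing table (documentation prefixes, not real data).
sample_routes() {
    cat <<'EOF'
Routing tables

Internet6:
Destination                       Gateway                       Flags     Netif Expire
default                           fe80::1%em0                   UGS         em0
2001:db8:1::/48                   ::1                           UGSB        lo0
2001:db8:2::/48                   ::1                           UGRS        lo0
2001:db8:3::/48                   link#1                        U           em0
EOF
}

# On a live FreeBSD host (not run here):
#   netstat -rn -f inet6 | affected_prefixes "$(sysctl -n net.inet6.ip6.forwarding)"
sample_routes | affected_prefixes 1
```
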

Details

Provenance
melifaro authored on Jan 22 2023, 4:57 PM
Reviewer
ae
Differential Revision
D38164: netinet6: honor blackhole/unreach routes in the non-fastforwarding code.
Parents
rG7a56009cf5b0: stress2: Added a regression test