Subject: Ye olde PR #991 - packets destined for interface IP# are accepted regardless of which interface they arrive on.
To: None <tech-net@netbsd.org>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-net
Date: 05/05/2000 20:10:32
Looking at the top 10 old PRs which have not been closed, 991 (one that
I'm responsible for :) is now there...and I think it is well past the
time when it should be dealt with (there's been enough discussion about
it both in GNATS and here :)
The patch below introduces net.inet.ip.strictdest and I've set it up to
default to the value of 1 - i.e. to enforce IP#'s to match interfaces.
What impact will this have for DHCP/BOOTP, if any ? Other concerns besides
those listed in the PR already (and that person can either sysctl it to 0
or compile his kernel that way :)
Darren
*** in.h.orig Sat May 6 12:49:23 2000
--- in.h Sat May 6 12:49:23 2000
***************
*** 345,351 ****
#define IPCTL_MAXFLOWS 13 /* maximum ip flows allowed */
#define IPCTL_HOSTZEROBROADCAST 14 /* is host zero a broadcast addr? */
#define IPCTL_GIF_TTL 15 /* default TTL for gif encap packet */
! #define IPCTL_MAXID 16
#define IPCTL_NAMES { \
{ 0, 0 }, \
--- 345,352 ----
#define IPCTL_MAXFLOWS 13 /* maximum ip flows allowed */
#define IPCTL_HOSTZEROBROADCAST 14 /* is host zero a broadcast addr? */
#define IPCTL_GIF_TTL 15 /* default TTL for gif encap packet */
! #define IPCTL_STRICTDEST 16 /* strict matching of dest IP# to if */
! #define IPCTL_MAXID 17
#define IPCTL_NAMES { \
{ 0, 0 }, \
***************
*** 364,369 ****
--- 365,371 ----
{ "maxflows", CTLTYPE_INT }, \
{ "hostzerobroadcast", CTLTYPE_INT }, \
{ "gifttl", CTLTYPE_INT }, \
+ { "strictdest", CTLTYPE_INT }, \
}
#endif /* !_XOPEN_SOURCE */
*** ip_input.c.orig Sat May 6 12:49:23 2000
--- ip_input.c Sat May 6 13:07:04 2000
***************
*** 156,161 ****
--- 156,164 ----
#define IPFORWARDING 0 /* don't forward IP packets not for us */
#endif /* GATEWAY */
#endif /* IPFORWARDING */
+ #ifndef IPSTRICTDEST
+ #define IPSTRICTDEST 1
+ #endif
#ifndef IPSENDREDIRECTS
#define IPSENDREDIRECTS 1
#endif
***************
*** 184,189 ****
--- 187,193 ----
#endif /* DIRECTED_BROADCAST */
#endif /* IPDIRECTEDBCAST */
int ipforwarding = IPFORWARDING;
+ int ip_strictdest = IPSTRICTDEST;
int ipsendredirects = IPSENDREDIRECTS;
int ip_defttl = IPDEFTTL;
int ip_forwsrcrt = IPFORWSRCRT;
***************
*** 502,508 ****
for (ia = IN_IFADDR_HASH(ip->ip_dst.s_addr).lh_first;
ia != NULL;
ia = ia->ia_hash.le_next) {
! if (in_hosteq(ia->ia_addr.sin_addr, ip->ip_dst)) {
if ((ia->ia_ifp->if_flags & IFF_UP) != 0)
break;
else
--- 506,513 ----
for (ia = IN_IFADDR_HASH(ip->ip_dst.s_addr).lh_first;
ia != NULL;
ia = ia->ia_hash.le_next) {
! if (in_hosteq(ia->ia_addr.sin_addr, ip->ip_dst) &&
! (!ip_strictdest || (ia->ia_ifp == m->m_pkthdr.rcvif))) {
if ((ia->ia_ifp->if_flags & IFF_UP) != 0)
break;
else
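Review bot: The new test `(!ip_strictdest || (ia->ia_ifp == m->m_pkthdr.rcvif))` has no exemption for loopback. If locally originated packets to one of the host's own addresses are delivered with `rcvif` pointing at the loopback interface (worth confirming against the loopback output path), they would stop matching here when `ip_strictdest` is 1. Extending the parenthesised test with `|| (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) != 0` would keep that case working. Folding the test into this `if` also means a matching address on a different, down interface no longer reaches the `else` branch; the rest of that branch and the enclosing function lie outside the hunk, so the effect on it cannot be judged from here. A one-line comment above the condition, such as `/* strictdest: accept only if the address belongs to the receiving interface */`, would make the intent clear.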
***************
*** 514,520 ****
if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {
for (ifa = m->m_pkthdr.rcvif->if_addrlist.tqh_first;
ifa != NULL; ifa = ifa->ifa_list.tqe_next) {
! if (ifa->ifa_addr->sa_family != AF_INET) continue;
ia = ifatoia(ifa);
if (in_hosteq(ip->ip_dst, ia->ia_broadaddr.sin_addr) ||
in_hosteq(ip->ip_dst, ia->ia_netbroadcast) ||
--- 519,528 ----
if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {
for (ifa = m->m_pkthdr.rcvif->if_addrlist.tqh_first;
ifa != NULL; ifa = ifa->ifa_list.tqe_next) {
! if (ifa->ifa_addr->sa_family != AF_INET)
! continue;
! if (ip_strictdest && (ia->ia_ifp != m->m_pkthdr.rcvif))
! continue;
ia = ifatoia(ifa);
if (in_hosteq(ip->ip_dst, ia->ia_broadaddr.sin_addr) ||
in_hosteq(ip->ip_dst, ia->ia_netbroadcast) ||
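Review bot: The added `if (ip_strictdest && (ia->ia_ifp != m->m_pkthdr.rcvif))` reads `ia` before `ia = ifatoia(ifa);` assigns it for this iteration, so it tests whatever the earlier loop or the previous iteration left behind. If this loop is reached only when the preceding hash lookup ended with `ia == NULL` (that code is outside the hunk), the first iteration dereferences a null pointer in the packet input path, with the default setting of 1. The loop already walks `m->m_pkthdr.rcvif->if_addrlist`, so every `ifa` should belong to the receiving interface and the test looks redundant. Either drop it or move it below the assignment: `ia = ifatoia(ifa);` followed by `if (ip_strictdest && ia->ia_ifp != m->m_pkthdr.rcvif) continue;`.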
***************
*** 1621,1626 ****
--- 1629,1637 ----
case IPCTL_SUBNETSARELOCAL:
return (sysctl_int(oldp, oldlenp, newp, newlen,
&subnetsarelocal));
+ case IPCTL_STRICTDEST:
+ return (sysctl_int(oldp, oldlenp, newp, newlen,
+ &ip_strictdest));
case IPCTL_MTUDISC:
error = sysctl_int(oldp, oldlenp, newp, newlen,
&ip_mtudisc);