
[src/trunk]: src sync IPv4 rogue address filter with RFC1122. (sync with kame)



details:   https://anonhg.NetBSD.org/src/rev/721a07ffb9a0
branches:  trunk
changeset: 486147:721a07ffb9a0
user:      itojun <itojun%NetBSD.org@localhost>
date:      Sun May 14 03:44:02 2000 +0000

description:
sync IPv4 rogue address filter with RFC1122.  (sync with kame)

diffstat:

 share/man/man4/stf.4 |  15 +++++++++------
 sys/net/if_stf.c     |  34 ++++++++++++++++++++++++++++------
 2 files changed, 37 insertions(+), 12 deletions(-)

diffs (118 lines):

diff -r 5511c363a079 -r 721a07ffb9a0 share/man/man4/stf.4
--- a/share/man/man4/stf.4      Sun May 14 03:16:11 2000 +0000
+++ b/share/man/man4/stf.4      Sun May 14 03:44:02 2000 +0000
@@ -1,5 +1,5 @@
-.\"     $NetBSD: stf.4,v 1.2 2000/05/02 04:05:25 itojun Exp $
-.\"     $KAME: stf.4,v 1.20 2000/05/02 03:59:44 itojun Exp $
+.\"     $NetBSD: stf.4,v 1.3 2000/05/14 03:44:03 itojun Exp $
+.\"     $KAME: stf.4,v 1.21 2000/05/13 23:15:28 itojun Exp $
 .\"
 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 .\" All rights reserved.
@@ -125,14 +125,17 @@
 Note that the checks are no way complete:
 .Bl -bullet
 .It
+Packets with IPv4 unspecified addrss as outer IPv4 source/destination
+.Pq Li 0.0.0.0/8
+.It
+Packets with loopback address as outer IPv4 source/destination
+.Pq Li 127.0.0.0/8
+.It
 Packets with IPv4 multicast address as outer IPv4 source/destination
 .Pq Li 224.0.0.0/4
 .It
-Packets with IPv4 unspecified addrss as outer IPv4 source/destination
-.Pq Li 0.0.0.0/32
-.It
 Packets with limited broadcast address as outer IPv4 source/destination
-.Pq Li 255.255.255.255/32
+.Pq Li 255.0.0.0/8
 .It
 Packets with subnet broadcast address as outer IPv4 source/destination.
 The check is made against subnet broadcast addresses for
diff -r 5511c363a079 -r 721a07ffb9a0 sys/net/if_stf.c
--- a/sys/net/if_stf.c  Sun May 14 03:16:11 2000 +0000
+++ b/sys/net/if_stf.c  Sun May 14 03:44:02 2000 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: if_stf.c,v 1.2 2000/04/21 02:40:53 itojun Exp $        */
-/*     $KAME: if_stf.c,v 1.32 2000/04/21 02:39:43 itojun Exp $ */
+/*     $NetBSD: if_stf.c,v 1.3 2000/05/14 03:44:02 itojun Exp $        */
+/*     $KAME: if_stf.c,v 1.37 2000/05/05 11:00:55 sumikawa Exp $       */
 
 /*
  * Copyright (C) 2000 WIDE Project.
@@ -72,7 +72,11 @@
  * Note that there is no way to be 100% secure.
  */
 
-#if (defined(__FreeBSD__) && __FreeBSD__ >= 3) || defined(__NetBSD__)
+#if defined(__FreeBSD__) && __FreeBSD__ >= 3
+#include "opt_inet.h"
+#include "opt_inet6.h"
+#endif
+#ifdef __NetBSD__
 #include "opt_inet.h"
 #endif
 
@@ -119,7 +123,12 @@
 
 #include <net/net_osdep.h>
 
+#if defined(__FreeBSD__) && __FreeBSD__ >= 4
+#include "bpf.h"
+#define NBPFILTER      NBPF
+#else
 #include "bpfilter.h"
+#endif
 #include "stf.h"
 #include "gif.h"       /*XXX*/
 
@@ -227,6 +236,9 @@
                sc->sc_if.if_ioctl  = stf_ioctl;
                sc->sc_if.if_output = stf_output;
                sc->sc_if.if_type   = IFT_STF;
+#if defined(__FreeBSD__) && __FreeBSD__ >= 4
+               sc->sc_if.if_snd.ifq_maxlen = IFQ_MAXLEN;
+#endif
                if_attach(&sc->sc_if);
 #if NBPFILTER > 0
 #ifdef HAVE_OLD_BPF
@@ -334,6 +346,10 @@
                for (ia4 = in_ifaddr.tqh_first;
                     ia4;
                     ia4 = ia4->ia_list.tqe_next)
+#elif defined(__FreeBSD__) && __FreeBSD__ >= 3
+               for (ia4 = TAILQ_FIRST(&in_ifaddrhead);
+                    ia4;
+                    ia4 = TAILQ_NEXT(ia4, ia_link))
 #else
                for (ia4 = in_ifaddr; ia4 != NULL; ia4 = ia4->ia_next)
 #endif
@@ -449,10 +465,12 @@
 
        /*
         * reject packets with the following address:
-        * 224.0.0.0/4 0.0.0.0/32 255.255.255.255/32
+        * 224.0.0.0/4 0.0.0.0/8 127.0.0.0/8 255.0.0.0/8
         */
-       if (IN_MULTICAST(in->s_addr) || in->s_addr == INADDR_ANY ||
-           in->s_addr == INADDR_BROADCAST) {
+       if (IN_MULTICAST(in->s_addr))
+               return -1;
+       switch ((ntohl(in->s_addr) & 0xff000000) >> 24) {
+       case 0: case 127: case 255:
                return -1;
        }
 
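Review bot: The two address tests in this hunk read `in->s_addr` in different byte orders: `IN_MULTICAST(in->s_addr)` gets the raw network-order value, while the `switch` that follows converts with `ntohl()` first. That is only correct where `IN_MULTICAST` is defined to take a network-order argument; its definition is not visible here, and other hunks show this file is also built for FreeBSD. If a platform's macro expects host order, the multicast test would look at the wrong octet on little-endian machines, and 224.0.0.0/4 outer addresses would pass the filter. I would record the assumption next to the test, for example `/* IN_MULTICAST() takes a network byte order argument here */`, or select `IN_MULTICAST(ntohl(in->s_addr))` per platform where the macro wants host order. The enclosing function starts and ends outside the hunk.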
@@ -461,6 +479,10 @@
         */
 #if defined(__OpenBSD__) || defined(__NetBSD__)
        for (ia4 = in_ifaddr.tqh_first; ia4; ia4 = ia4->ia_list.tqe_next)
+#elif defined(__FreeBSD__) && __FreeBSD__ >= 3
+       for (ia4 = TAILQ_FIRST(&in_ifaddrhead);
+            ia4;
+            ia4 = TAILQ_NEXT(ia4, ia_link))
 #else
        for (ia4 = in_ifaddr; ia4 != NULL; ia4 = ia4->ia_next)
 #endif


