[src/trunk]: src/sys/net reject packets with IPv4 private address range. syn...

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/26b73d4ea63b
branches:  trunk
changeset: 533059:26b73d4ea63b
user:      itojun <itojun%NetBSD.org@localhost>
date:      Thu Jun 20 07:43:39 2002 +0000

description:
reject packets with IPv4 private address range.  sync w/kame

diffstat:

 sys/net/if_stf.c |  13 +++++++++++--
 1 files changed, 11 insertions(+), 2 deletions(-)

diffs (34 lines):

diff -r eb4c6863939e -r 26b73d4ea63b sys/net/if_stf.c
--- a/sys/net/if_stf.c  Thu Jun 20 04:01:43 2002 +0000
+++ b/sys/net/if_stf.c  Thu Jun 20 07:43:39 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_stf.c,v 1.23 2001/12/21 03:21:50 itojun Exp $       */
+/*     $NetBSD: if_stf.c,v 1.24 2002/06/20 07:43:39 itojun Exp $       */
 /*     $KAME: if_stf.c,v 1.62 2001/06/07 22:32:16 itojun Exp $ */
 
 /*
@@ -75,7 +75,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_stf.c,v 1.23 2001/12/21 03:21:50 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_stf.c,v 1.24 2002/06/20 07:43:39 itojun Exp $");
 
 #include "opt_inet.h"
 
@@ -478,6 +478,15 @@
        }
 
        /*
+        * reject packets with private address range:
+        * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+        */
+       if ((ntohl(in->s_addr) & 0xff000000) >> 24 == 10 ||
+           (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 ||
+           (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168)
+               return -1;
+
+       /*
         * reject packets with broadcast
         */
        TAILQ_FOREACH(ia4, &in_ifaddr, ia_list)