[src/trunk]: src/sys/netinet - if ip_dst matches address on !IFF_UP interface...

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/3e5a296aff05
branches:  trunk
changeset: 482603:3e5a296aff05
user:      itojun <itojun%NetBSD.org@localhost>
date:      Wed Feb 16 12:40:40 2000 +0000

description:
- if ip_dst matches address on !IFF_UP interface, and
- there's no match against addresses on IFF_UP interface,
send icmp unreach if I'm router.  drop it if I'm host.

Revised version of PR: 9387 from nrt%iij.ad.jp@localhost.  Discussed with thorpej+nrt.

diffstat:

 sys/netinet/ip_input.c |  29 ++++++++++++++++++++++-------
 1 files changed, 22 insertions(+), 7 deletions(-)

diffs (65 lines):

diff -r e9bba9189f2a -r 3e5a296aff05 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c    Wed Feb 16 12:36:19 2000 +0000
+++ b/sys/netinet/ip_input.c    Wed Feb 16 12:40:40 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_input.c,v 1.99 2000/02/12 18:00:00 thorpej Exp $    */
+/*     $NetBSD: ip_input.c,v 1.100 2000/02/16 12:40:40 itojun Exp $    */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -348,6 +348,7 @@
        register struct ifaddr *ifa;
        struct ipqent *ipqe;
        int hlen = 0, mff, len;
+       int downmatch;
 #ifdef PFIL_HOOKS
        struct packet_filter_hook *pfh;
        struct mbuf *m0;
@@ -489,18 +490,20 @@
 
        /*
         * Check our list of addresses, to see if the packet is for us.
+        *
+        * Traditional 4.4BSD did not consult IFF_UP at all.
+        * The behavior here is to treat addresses on !IFF_UP interface
+        * as not mine.
         */
+       downmatch = 0;
        for (ia = IN_IFADDR_HASH(ip->ip_dst.s_addr).lh_first;
             ia != NULL;
             ia = ia->ia_hash.le_next) {
                if (in_hosteq(ia->ia_addr.sin_addr, ip->ip_dst)) {
                        if ((ia->ia_ifp->if_flags & IFF_UP) != 0)
                                break;
-                       else {
-                               icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST,
-                                   0, m->m_pkthdr.rcvif);
-                               return;
-                       }
+                       else
+                               downmatch++;
                }
        }
        if (ia != NULL)
@@ -591,8 +594,20 @@
        if (ipforwarding == 0) {
                ipstat.ips_cantforward++;
                m_freem(m);
-       } else
+       } else {
+               /*
+                * If ip_dst matched any of my address on !IFF_UP interface,
+                * and there's no IFF_UP interface that matches ip_dst,
+                * send icmp unreach.  Forwarding it will result in in-kernel
+                * forwarding loop till TTL goes to 0.
+                */
+               if (downmatch) {
+                       icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0);
+                       ipstat.ips_cantforward++;
+                       return;
+               }
                ip_forward(m, 0);
+       }
        return;
 
 ours: