Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/sys/netinet Pull up revisions 1.138-1.140 (via patch, r...
details: https://anonhg.NetBSD.org/src/rev/6b404fe6f285
branches: netbsd-1-5
changeset: 493034:6b404fe6f285
user: he <he%NetBSD.org@localhost>
date: Wed Apr 03 21:17:06 2002 +0000
description:
Pull up revisions 1.138-1.140 (via patch, requested by itojun):
Reject TCP SYN packets sent to the broadcast address.
diffstat:
sys/netinet/tcp_input.c | 37 ++++++++++++++++++++++++++++++++++++-
1 files changed, 36 insertions(+), 1 deletions(-)
diffs (58 lines):
diff -r b865b865d635 -r 6b404fe6f285 sys/netinet/tcp_input.c
--- a/sys/netinet/tcp_input.c Wed Apr 03 21:16:45 2002 +0000
+++ b/sys/netinet/tcp_input.c Wed Apr 03 21:17:06 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_input.c,v 1.108.4.11 2002/03/20 21:42:32 he Exp $ */
+/* $NetBSD: tcp_input.c,v 1.108.4.12 2002/04/03 21:17:06 he Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1377,6 +1377,26 @@
}
switch (tp->t_state) {
+ case TCPS_LISTEN:
+ /*
+ * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
+ */
+ if (m->m_flags & (M_BCAST|M_MCAST))
+ goto drop;
+ switch (af) {
+#ifdef INET6
+ case AF_INET6:
+ if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
+ goto drop;
+ break;
+#endif /* INET6 */
+ case AF_INET:
+ if (IN_MULTICAST(ip->ip_dst.s_addr) ||
+ in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
+ goto drop;
+ break;
+ }
+ break;
/*
* If the state is SYN_SENT:
@@ -2190,6 +2210,21 @@
*/
if (tiflags & TH_RST)
goto drop;
+
+ switch (af) {
+#ifdef INET6
+ case AF_INET6:
+ /* For following calls to tcp_respond */
+ if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
+ goto drop;
+ break;
+#endif /* INET6 */
+ case AF_INET:
+ if (IN_MULTICAST(ip->ip_dst.s_addr) ||
+ in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
+ goto drop;
+ }
+
{
/*
* need to recover version # field, which was overwritten on
Home |
Main Index |
Thread Index |
Old Index