[src/trunk]: src/sys/net reject SIOCAIFADDR if embedded address is in private...

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d6c14e37e2d1
branches:  trunk
changeset: 536499:d6c14e37e2d1
user:      itojun <itojun%NetBSD.org@localhost>
date:      Tue Sep 17 05:56:37 2002 +0000

description:
reject SIOCAIFADDR if embedded address is in private address range.  sync w/kame

diffstat:

 sys/net/if_stf.c |  33 +++++++++++++++++++++++++--------
 1 files changed, 25 insertions(+), 8 deletions(-)

diffs (76 lines):

diff -r 62eb7165eedc -r d6c14e37e2d1 sys/net/if_stf.c
--- a/sys/net/if_stf.c  Tue Sep 17 05:07:21 2002 +0000
+++ b/sys/net/if_stf.c  Tue Sep 17 05:56:37 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_stf.c,v 1.29 2002/08/14 00:23:28 itojun Exp $       */
+/*     $NetBSD: if_stf.c,v 1.30 2002/09/17 05:56:37 itojun Exp $       */
 /*     $KAME: if_stf.c,v 1.62 2001/06/07 22:32:16 itojun Exp $ */
 
 /*
@@ -75,7 +75,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_stf.c,v 1.29 2002/08/14 00:23:28 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_stf.c,v 1.30 2002/09/17 05:56:37 itojun Exp $");
 
 #include "opt_inet.h"
 
@@ -168,6 +168,7 @@
 static struct in6_ifaddr *stf_getsrcifa6 __P((struct ifnet *));
 static int stf_output __P((struct ifnet *, struct mbuf *, struct sockaddr *,
        struct rtentry *));
+static int isrfc1918addr __P((struct in_addr *));
 static int stf_checkaddr4 __P((struct stf_softc *, struct in_addr *,
        struct ifnet *));
 static int stf_checkaddr6 __P((struct stf_softc *, struct in6_addr *,
@@ -467,6 +468,23 @@
 }
 
 static int
+isrfc1918addr(in)
+       struct in_addr *in;
+{
+       /*
+        * returns 1 if private address range:
+        * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+        * (requirement from RFC3056 section 2 1st paragraph)
+        */
+       if ((ntohl(in->s_addr) & 0xff000000) >> 24 == 10 ||
+           (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 ||
+           (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168)
+               return 1;
+
+       return 0;
+}
+
+static int
 stf_checkaddr4(sc, in, inifp)
        struct stf_softc *sc;
        struct in_addr *in;
@@ -486,12 +504,10 @@
        }
 
        /*
-        * reject packets with private address range:
-        * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+        * reject packets with private address range.
+        * (requirement from RFC3056 section 2 1st paragraph)
         */
-       if ((ntohl(in->s_addr) & 0xff000000) >> 24 == 10 ||
-           (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 ||
-           (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168)
+       if (isrfc1918addr(in))
                return -1;
 
        /*
@@ -715,7 +731,8 @@
                        break;
                }
                sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
-               if (IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) {
+               if (IN6_IS_ADDR_6TO4(&sin6->sin6_addr) &&
+                   !isrfc1918addr(GET_V4(&sin6->sin6_addr))) {
                        ifa->ifa_rtrequest = stf_rtrequest;
                        ifp->if_flags |= IFF_UP;
                } else