Source-Changes-HG archive


[src/trunk]: src/sys/netinet In ip_forward():



details:   https://anonhg.NetBSD.org/src/rev/7c16f37e0047
branches:  trunk
changeset: 477240:7c16f37e0047
user:      sommerfeld <sommerfeld%NetBSD.org@localhost>
date:      Sun Oct 17 16:00:00 1999 +0000

description:
In ip_forward():

Avoid forwarding ip unicast packets which were contained inside
link-level multicast packets; having M_MCAST still set in the packet
header flags will mean that the packet will get multicast to a bogus
group instead of unicast to the next hop.

Malformed packets like this have occasionally been spotted "in the
wild" on a mediaone cable modem segment which also had multiple netbsd
machines running as router/NAT boxes.

Without this, any subnet with multiple netbsd routers receiving all
multicasts will generate a packet storm on receipt of such a
multicast.  Note that we already do the same check here for link-level
broadcasts; ip6_forward already does this as well.

Note that multicast forwarding does not go through ip_forward().

Adding some code to if_ethersubr to sanity check link-level
vs. ip-level multicast addresses might also be worthwhile.

diffstat:

 sys/netinet/ip_input.c |  4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diffs (18 lines):

diff -r cb550fc076ab -r 7c16f37e0047 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c    Sun Oct 17 15:31:00 1999 +0000
+++ b/sys/netinet/ip_input.c    Sun Oct 17 16:00:00 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_input.c,v 1.92 1999/07/23 15:21:17 itojun Exp $     */
+/*     $NetBSD: ip_input.c,v 1.93 1999/10/17 16:00:00 sommerfeld Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1299,7 +1299,7 @@
                    ntohl(ip->ip_src.s_addr),
                    ntohl(ip->ip_dst.s_addr), ip->ip_ttl);
 #endif
-       if (m->m_flags & M_BCAST || in_canforward(ip->ip_dst) == 0) {
+       if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) {
                ipstat.ips_cantforward++;
                m_freem(m);
                return;
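Review bot: the M_MCAST test added to the `if` in ip_forward() has no comment, so the reason for it (a unicast IP packet that arrived inside a link-level multicast frame would otherwise go back out as a multicast, because M_MCAST is still set in the mbuf header flags) is recorded only in the commit message. A short comment above the condition would keep that rationale next to the check. Wrapping the flag test in its own parentheses, as in `(m->m_flags & (M_BCAST|M_MCAST)) != 0 || in_canforward(ip->ip_dst) == 0`, would also make the grouping obvious without relying on `&` binding tighter than `||`. Note too that these drops are counted in ipstat.ips_cantforward together with the broadcast and in_canforward() cases, so that counter alone will not show that malformed link-level multicast frames are arriving on a segment.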


