Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netinet reject packets with 127/8 on IPv4 src/dst, they ...
details: https://anonhg.NetBSD.org/src/rev/99d91d1a021e
branches: trunk
changeset: 504416:99d91d1a021e
user: itojun <itojun%NetBSD.org@localhost>
date: Fri Mar 02 02:05:36 2001 +0000
description:
reject packets with 127/8 on IPv4 src/dst, they must not appear on wire
(RFC1122). torture-tests will be welcomed.
XXX do we want to check source routing headers as well?
diffstat:
sys/netinet/ip_input.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diffs (23 lines):
diff -r 07c427e0275b -r 99d91d1a021e sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c Fri Mar 02 01:46:57 2001 +0000
+++ b/sys/netinet/ip_input.c Fri Mar 02 02:05:36 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.128 2001/03/01 16:31:39 itojun Exp $ */
+/* $NetBSD: ip_input.c,v 1.129 2001/03/02 02:05:36 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -418,6 +418,13 @@
goto bad;
}
+ /* 127/8 must not appear on wire - RFC1122 */
+ if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
+ (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
+ if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0)
+ goto bad;
+ }
+
if (in_cksum(m, hlen) != 0) {
ipstat.ips_badsum++;
goto bad;
Home |
Main Index |
Thread Index |
Old Index