Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: syssrc



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Does this warrant a security advisory?  (I'm thinking of `Without this,
any subnet with multiple netbsd routers receiving all multicasts will
generate a packet storm on receipt of such a multicast.')  Are the other
BSD's subject to this?

On Sun, 17 Oct 1999, Bill Sommerfeld wrote:

>Date: Sun, 17 Oct 1999 09:00:01 -0700 (PDT)
>From: Bill Sommerfeld <sommerfeld%netbsd.org@localhost>
>To: source-changes%netbsd.org@localhost
>Subject: CVS commit: syssrc
>
>
>Module Name:   syssrc
>Committed By:  sommerfeld
>Date:          Sun Oct 17 16:00:01 UTC 1999
>
>Modified Files:
>       syssrc/sys/netinet: ip_input.c
>
>Log Message:
>In ip_forward():
>
>Avoid forwarding ip unicast packets which were contained inside
>link-level multicast packets; having M_MCAST still set in the packet
>header flags will mean that the packet will get multicast to a bogus
>group instead of unicast to the next hop.
>
>Malformed packets like this have occasionally been spotted "in the
>wild" on a mediaone cable modem segment which also had multiple netbsd
>machines running as router/NAT boxes.
>
>Without this, any subnet with multiple netbsd routers receiving all
>multicasts will generate a packet storm on receipt of such a
>multicast.  Note that we already do the same check here for link-level
>broadcasts; ip6_forward already does this as well.
>
>Note that multicast forwarding does not go through ip_forward().
>
>Adding some code to if_ethersubr to sanity check link-level
>vs. ip-level multicast addresses might also be worthwhile.
>
>
>To generate a diff of this commit:
>cvs rdiff -r1.92 -r1.93 syssrc/sys/netinet/ip_input.c
>
>Please note that diffs are not public domain; they are subject to the
>copyright notices on the relevant files.
>

- -- 
                                Jim Wise
                                jwise%draga.com@localhost

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBOAps9C2NgFbJL33VEQJSiwCfYZeD1yVleFNkJ5gM7IwqKlAjSAUAnRfB
RnHdGAvByepwe+lIWLHxjBhU
=Y30G
-----END PGP SIGNATURE-----




Home | Main Index | Thread Index | Old Index