Re: Support for 240/4 and 0/8 addresses in NetBSD

To: Seth David Schoen <schoen%loyalty.org@localhost>
Subject: Re: Support for 240/4 and 0/8 addresses in NetBSD
From: Taylor R Campbell <campbell+netbsd-tech-net%mumble.net@localhost>
Date: Sat, 17 Jun 2023 10:32:39 +0000

> Date: Sat, 17 Jun 2023 10:15:06 +0000
> From: Taylor R Campbell <campbell+netbsd-tech-net%mumble.net@localhost>
> 
> The attached patch addresses the 240/4 question by:

As is obligatory, here is the patch I said I would attach the first
time around.  Someone should really repeal that law that requires the
first message to be missing the patch!

From f0f6860d601b4a4f6ae1646ba6e15b4a6121aac1 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
Date: Sat, 17 Jun 2023 09:55:39 +0000
Subject: [PATCH] net: Move 240/4 rejection from hard-coded in kernel to just a
 route.

The reject route is initialized by default on `service network start'
just like various others now.

As discussed on tech-net:
https://mail-index.NetBSD.org/tech-net/2023/06/10/msg008520.html
---
 etc/rc.d/network | 9 +++++++++
 sys/netinet/in.c | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/etc/rc.d/network b/etc/rc.d/network
index 81d32480650f..a7c021becc71 100755
--- a/etc/rc.d/network
+++ b/etc/rc.d/network
@@ -42,6 +42,7 @@ network_start()
 	network_start_hostname
 	network_start_domainname
 	network_start_loopback
+	network_start_ipv4_route
 	have_inet6 &&
 	network_start_ipv6_route
 	[ "$net_interfaces" != NO ] &&
@@ -113,6 +114,14 @@ network_start_loopback()
 	/sbin/route -q add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject
 }
 
+network_start_ipv4_route()
+{
+	# Disallow the 240/4 address space reserved for future use by
+	# RFC 1112, Sec. 4.
+	#
+	/sbin/route -q add -inet 240 -netmask 0xf0000000 127.0.0.1 -reject
+}
+
 network_start_ipv6_route()
 {
 	# IPv6 routing setups, and host/router mode selection.
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 5b00e80e4b37..55ffa6a9ada2 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -303,7 +303,7 @@ in_canforward(struct in_addr in)
 {
 	u_int32_t net;
 
-	if (IN_EXPERIMENTAL(in.s_addr) || IN_MULTICAST(in.s_addr))
+	if (in.s_addr == INADDR_BROADCAST || IN_MULTICAST(in.s_addr))
 		return (0);
 	if (IN_CLASSA(in.s_addr)) {
 		net = in.s_addr & IN_CLASSA_NET;

References:
- Re: Support for 240/4 and 0/8 addresses in NetBSD
  - From: Taylor R Campbell

Prev by Date: Re: Support for 240/4 and 0/8 addresses in NetBSD
Next by Date: Re: Support for 240/4 and 0/8 addresses in NetBSD
Previous by Thread: Re: Support for 240/4 and 0/8 addresses in NetBSD
Next by Thread: Re: Support for 240/4 and 0/8 addresses in NetBSD
Indexes:

Home | Main Index | Thread Index | Old Index