author | bms <bms@FreeBSD.org> | 2007-02-03 06:45:51 +0000 |
---|---|---|
committer | bms <bms@FreeBSD.org> | 2007-02-03 06:45:51 +0000 |
commit | b6b883252e5d6c0fcb51fb3e958a992c2c21bb3f (patch) | |
tree | 927c9279b68ebe0d081dc5a0db43152be8201485 /sys/netinet | |
parent | 6443ab2e87fb5541609750151b564c5a8ac78df4 (diff) | |
In regular forwarding path, reject packets destined for 169.254.0.0/16
link-local addresses. See RFC 3927 section 2.7.
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/in.c | 2 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 4af8f06..1d2fd93 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -141,7 +141,7 @@ in_canforward(in)
 register u_long i = ntohl(in.s_addr);
 register u_long net;
- if (IN_EXPERIMENTAL(i) || IN_MULTICAST(i))
+ if (IN_EXPERIMENTAL(i) || IN_MULTICAST(i) || IN_LINKLOCAL(i))
 return (0);
 if (IN_CLASSA(i)) {
 net = i & IN_CLASSA_NET;
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 5e682b6..82e9939 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -528,6 +528,12 @@ passin:
 #endif
 }
 }
+ /* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */
+ if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) {
+ ipstat.ips_cantforward++;
+ m_freem(m);
+ return;
+ }
 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
 struct in_multi *inm;
 if (ip_mrouter) { |
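Review bot: The new `IN_LINKLOCAL(i)` term in `in_canforward` has no comment, while the matching check in ip_input.c cites the RFC. A line above the condition such as `/* RFC 3927 2.7: 169.254.0.0/16 is link-local and is never forwarded. */` would keep the two sites in step and tell a later reader why the range is excluded. The predicate tests only the single address it is handed, so it covers whatever callers pass in (presumably the destination) and nothing else. The body of in_canforward starts and ends outside the hunk, and its callers are not visible here.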
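Review bot: Only `ip->ip_dst` is tested in the added block, but RFC 3927 section 2.7 also forbids forwarding a datagram whose source address is in 169.254.0.0/16, and neither hunk of this commit covers that case. The source test should not be folded into this `if`, because it runs ahead of the `IN_MULTICAST` branch, where packets from a link-local sender to a joined group are presumably still meant to be received. A check on `IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))` belongs in the forwarding routine, which is outside this hunk. The comment could also record that the placement is deliberate, for example `/* Checked after the local-address match so datagrams for our own 169.254/16 address are still accepted. */`, assuming the code above the `#endif` is that match.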