diff options
author | dg <dg@FreeBSD.org> | 1998-07-08 08:49:51 +0000 |
---|---|---|
committer | dg <dg@FreeBSD.org> | 1998-07-08 08:49:51 +0000 |
commit | ea18dd7105216118f40051f9cf37020735881862 (patch) | |
tree | eb30ebb2fe35f19fb0e69aea51bc3819343c880e /sys/netinet | |
parent | e4073f6c6f4a289d5835689c40d16570af33de12 (diff) | |
download | FreeBSD-src-ea18dd7105216118f40051f9cf37020735881862.zip FreeBSD-src-ea18dd7105216118f40051f9cf37020735881862.tar.gz |
When not acting as a router (ipforwarding=0), silently discard source
routed packets that aren't destined for us, as required by RFC-1122.
PR: 7191
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_input.c | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index c9263a6..93834a0 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 - * $Id: ip_input.c,v 1.94 1998/07/06 09:06:58 julian Exp $ + * $Id: ip_input.c,v 1.95 1998/07/06 09:10:56 julian Exp $ * $ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $ */ @@ -1029,16 +1029,27 @@ ip_dooptions(m) } if (!ip_dosourceroute) { - char buf[4*sizeof "123"]; - + if (ipforwarding) { + char buf[16]; /* aaa.bbb.ccc.ddd\0 */ + /* + * Acting as a router, so generate ICMP + */ nosourcerouting: - strcpy(buf, inet_ntoa(ip->ip_dst)); - log(LOG_WARNING, - "attempted source route from %s to %s\n", - inet_ntoa(ip->ip_src), buf); - type = ICMP_UNREACH; - code = ICMP_UNREACH_SRCFAIL; - goto bad; + strcpy(buf, inet_ntoa(ip->ip_dst)); + log(LOG_WARNING, + "attempted source route from %s to %s\n", + inet_ntoa(ip->ip_src), buf); + type = ICMP_UNREACH; + code = ICMP_UNREACH_SRCFAIL; + goto bad; + } else { + /* + * Not acting as a router, so silently drop. + */ + ipstat.ips_cantforward++; + m_freem(m); + return (1); + } } /* |