From 11fbae904270b422a9ad9544d95c00a56f74e51e Mon Sep 17 00:00:00 2001 From: guido Date: Mon, 16 Feb 1998 19:23:58 +0000 Subject: Add new sysctl variable: net.inet.ip.accept_sourceroute It controls if the system is to accept source routed packets. It used to be such that, no matter if the setting of net.inet.ip.sourceroute, source routed packets destined at us would be accepted. Now it is controllable with eth default set to NOT accept those. --- sys/netinet/in.h | 6 ++++-- sys/netinet/ip_input.c | 8 +++++++- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'sys/netinet') diff --git a/sys/netinet/in.h b/sys/netinet/in.h index 3f9387d..7daf7a2 100644 --- a/sys/netinet/in.h +++ b/sys/netinet/in.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)in.h 8.3 (Berkeley) 1/3/94 - * $Id: in.h,v 1.26 1997/02/22 09:41:28 peter Exp $ + * $Id: in.h,v 1.27 1997/09/25 00:34:35 wollman Exp $ */ #ifndef _NETINET_IN_H_ @@ -303,7 +303,8 @@ struct ip_mreq { #define IPCTL_INTRQMAXLEN 10 /* max length of netisr queue */ #define IPCTL_INTRQDROPS 11 /* number of netisr q drops */ #define IPCTL_STATS 12 /* ipstat structure */ -#define IPCTL_MAXID 13 +#define IPCTL_ACCEPTSOURCEROUTE 13 /* may accept source routed packets */ +#define IPCTL_MAXID 14 #define IPCTL_NAMES { \ { 0, 0 }, \ @@ -319,6 +320,7 @@ struct ip_mreq { { "intr-queue-maxlen", CTLTYPE_INT }, \ { "intr-queue-drops", CTLTYPE_INT }, \ { "stats", CTLTYPE_STRUCT }, \ + { "accept_sourceroute", CTLTYPE_INT }, \ } diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index c9a21ae..8449070 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 - * $Id: ip_input.c,v 1.76 1998/02/11 18:43:42 guido Exp $ + * $Id: ip_input.c,v 1.77 1998/02/12 03:37:45 ache Exp $ * $ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $ */ @@ -94,6 +94,10 @@ SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, static int ip_dosourceroute = 0; SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW, &ip_dosourceroute, 0, ""); + +static int ip_acceptsourceroute = 0; +SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute, + CTLFLAG_RW, &ip_acceptsourceroute, 0, ""); #ifdef DIAGNOSTIC static int ipprintfs = 0; #endif @@ -965,6 +969,8 @@ ip_dooptions(m) /* * End of source route. Should be for us. */ + if (!ip_acceptsourceroute) + goto nosourcerouting; save_rte(cp, ip->ip_src); break; } -- cgit v1.1