upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

netinet: Do not forward or ICMP response to INADDR_ANY

Browse source 
The section 4 in the draft proposal [1] explicitly states that 0.0.0.0,
aka INADDR_ANY, retains its existing special meanings.

[1] https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-0

Reviewed by:	glebius
Fixes:	efe58855f3 IPv4: experimental changes to allow net 0/8, 240/4, part of 127/8
MFC after:	5 days
Differential Revision:	https://reviews.freebsd.org/D49157
This commit is contained in:
Zhenlei Huang 2025-03-02 23:00:42 +08:00
parent 361a8395f0
commit f7174eb2b4
2 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
sys/netinet/in.c
View file

@ -276,7 +276,8 @@ in_canforward(struct in_addr in)
{
u_long i = ntohl(in.s_addr);
if (IN_MULTICAST(i) || IN_LINKLOCAL(i) || IN_LOOPBACK(i))
if (IN_MULTICAST(i) || IN_LINKLOCAL(i) || IN_LOOPBACK(i) ||
in_nullhost(in))
return (0);
if (IN_EXPERIMENTAL(i) && !V_ip_allow_net240)
return (0);

5
sys/netinet/ip_icmp.c
View file

@ -783,10 +783,11 @@ icmp_reflect(struct mbuf *m)
if (IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
(IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net240) ||
(IN_ZERONET(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net0) ) {
(IN_ZERONET(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net0) ||
in_nullhost(ip->ip_src) ) {
m_freem(m); /* Bad return address */
ICMPSTAT_INC(icps_badaddr);
goto done; /* Ip_output() will check for broadcast */
goto done; /* ip_output() will check for broadcast */
}
t = ip->ip_dst;