Date: Sun, 2 Mar 2025 15:02:43 GMT From: Zhenlei Huang <zlei@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: f7174eb2b4c4 - main - netinet: Do not forward or ICMP response to INADDR_ANY Message-ID: <202503021502.522F2hCi089750@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=f7174eb2b4c45573bb9e836edad2b179a445a88f commit f7174eb2b4c45573bb9e836edad2b179a445a88f Author: Zhenlei Huang <zlei@FreeBSD.org> AuthorDate: 2025-03-02 15:00:42 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2025-03-02 15:00:42 +0000 netinet: Do not forward or ICMP response to INADDR_ANY The section 4 in the draft proposal [1] explicitly states that 0.0.0.0, aka INADDR_ANY, retains its existing special meanings. [1] https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-0 Reviewed by: glebius Fixes: efe58855f3ea IPv4: experimental changes to allow net 0/8, 240/4, part of 127/8 MFC after: 5 days Differential Revision: https://reviews.freebsd.org/D49157 --- sys/netinet/in.c | 3 ++- sys/netinet/ip_icmp.c | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 9a644c60e541..22adc8277b93 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -276,7 +276,8 @@ in_canforward(struct in_addr in) { u_long i = ntohl(in.s_addr); - if (IN_MULTICAST(i) || IN_LINKLOCAL(i) || IN_LOOPBACK(i)) + if (IN_MULTICAST(i) || IN_LINKLOCAL(i) || IN_LOOPBACK(i) || + in_nullhost(in)) return (0); if (IN_EXPERIMENTAL(i) && !V_ip_allow_net240) return (0); diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 936f76e7fbe3..17d15d7d9629 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -783,10 +783,11 @@ icmp_reflect(struct mbuf *m) if (IN_MULTICAST(ntohl(ip->ip_src.s_addr)) || (IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net240) || - (IN_ZERONET(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net0) ) { + (IN_ZERONET(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net0) || + in_nullhost(ip->ip_src) ) { m_freem(m); /* Bad return address */ ICMPSTAT_INC(icps_badaddr); - goto done; /* Ip_output() will check for broadcast */ + goto done; /* ip_output() will check for broadcast */ } t = ip->ip_dst;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202503021502.522F2hCi089750>