Module Name: src Committed By: roy Date: Wed Sep 7 15:41:44 UTC 2016
Modified Files: src/sys/netinet: ip_input.c src/sys/netinet6: ip6_input.c Log Message: Disallow input to detached addresses because they are not yet valid. To generate a diff of this commit: cvs rdiff -u -r1.340 -r1.341 src/sys/netinet/ip_input.c cvs rdiff -u -r1.167 -r1.168 src/sys/netinet6/ip6_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.340 src/sys/netinet/ip_input.c:1.341 --- src/sys/netinet/ip_input.c:1.340 Wed Aug 31 09:14:47 2016 +++ src/sys/netinet/ip_input.c Wed Sep 7 15:41:44 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.340 2016/08/31 09:14:47 ozaki-r Exp $ */ +/* $NetBSD: ip_input.c,v 1.341 2016/09/07 15:41:44 roy Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.340 2016/08/31 09:14:47 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.341 2016/09/07 15:41:44 roy Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -382,7 +382,8 @@ ip_match_our_address(struct ifnet *ifp, continue; if (checkif && ia->ia_ifp != ifp) continue; - if ((ia->ia_ifp->if_flags & IFF_UP) != 0) + if ((ia->ia_ifp->if_flags & IFF_UP) != 0 && + (ia->ia4_flags & IN_IFF_DETACHED) == 0) break; else (*downmatch)++; @@ -402,7 +403,7 @@ ip_match_our_address_broadcast(struct if if (ifa->ifa_addr->sa_family != AF_INET) continue; ia = ifatoia(ifa); - if (ia->ia4_flags & IN_IFF_NOTREADY) + if (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED)) continue; if (in_hosteq(ip->ip_dst, ia->ia_broadaddr.sin_addr) || in_hosteq(ip->ip_dst, ia->ia_netbroadcast) || Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.167 src/sys/netinet6/ip6_input.c:1.168 --- src/sys/netinet6/ip6_input.c:1.167 Wed Aug 31 09:14:47 2016 +++ src/sys/netinet6/ip6_input.c Wed Sep 7 15:41:44 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.167 2016/08/31 09:14:47 ozaki-r Exp $ */ +/* $NetBSD: ip6_input.c,v 1.168 2016/09/07 15:41:44 roy Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.167 2016/08/31 09:14:47 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.168 2016/09/07 15:41:44 roy Exp $"); #ifdef _KERNEL_OPT #include "opt_gateway.h" @@ -504,7 +504,7 @@ ip6_input(struct mbuf *m, struct ifnet * * packets to a tentative, duplicated, or somehow invalid * address must not be accepted. */ - if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) { + if (!(ia6->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_DETACHED))) { /* this address is ready */ ours = 1; deliverifp = ia6->ia_ifp; /* correct? */