From 2c56e246fa57e8bd7aa53c0a1ad2f5092fd77106 Mon Sep 17 00:00:00 2001
From: "Matthew N. Dodd"
Date: Wed, 2 Apr 2003 20:14:44 +0000
Subject: [PATCH] Back out support for RFC3514.

RFC3514 poses an unacceptale risk to compliant systems.
---
 sbin/ping/ping.8 | 6 ++----
 sbin/ping/ping.c | 14 +-------------
 share/man/man4/inet.4 | 11 -----------
 share/man/man4/ip.4 | 9 ---------
 sys/netinet/in.h | 2 --
 sys/netinet/in_pcb.h | 1 -
 sys/netinet/ip.h | 1 -
 sys/netinet/ip_input.c | 14 --------------
 sys/netinet/ip_output.c | 31 +------------------------------
 sys/netinet/ip_var.h | 1 -
 usr.bin/netstat/inet.c | 1 -
 11 files changed, 4 insertions(+), 87 deletions(-)

diff --git a/sbin/ping/ping.8 b/sbin/ping/ping.8
index 49223e4800cc..71fa31a8cec9 100644
--- a/sbin/ping/ping.8
+++ b/sbin/ping/ping.8
@@ -42,7 +42,7 @@ packets to network hosts
 .Sh SYNOPSIS
 .Nm
-.Op Fl AaDdEfnoQqRrv
+.Op Fl AaDdfnoQqRrv
 .Op Fl c Ar count
 .Op Fl i Ar wait
 .Op Fl l Ar preload
@@ -56,7 +56,7 @@ packets to network hosts
 .Op Fl z Ar tos
 .Ar host
 .Nm
-.Op Fl AaDdEfLnoQqRrv
+.Op Fl AaDdfLnoQqRrv
 .Op Fl c Ar count
 .Op Fl I Ar iface
 .Op Fl i Ar wait
@@ -122,8 +122,6 @@ If this option is not specified,
 will operate until interrupted.
 .It Fl D
 Set the Don't Fragment bit.
-.It Fl E
-Set the EVIL bit.
 .It Fl d
 Set the
 .Dv SO_DEBUG
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c
index b0efe1406960..0d41c92d91a5 100644
--- a/sbin/ping/ping.c
+++ b/sbin/ping/ping.c
@@ -143,7 +143,6 @@ int options;
 #define F_HDRINCL 0x40000
 #define F_MASK 0x80000
 #define F_TIME 0x100000
-#define F_SO_EVIL 0x200000
 
 /*
  * MAX_DUP_CHK is the number of bits in received table, i.e. the maximum
@@ -257,7 +256,7 @@ main(argc, argv)
 outpack = outpackhdr + sizeof(struct ip);
 while ((ch = getopt(argc, argv,
- "Aac:DdEfI:i:Ll:M:m:nop:QqRrS:s:T:t:vz:"
+ "Aac:DdfI:i:Ll:M:m:nop:QqRrS:s:T:t:vz:"
 #ifdef IPSEC
 #ifdef IPSEC_POLICY_IPSEC
 "P:"
@@ -287,9 +286,6 @@ main(argc, argv)
 case 'd':
 options |= F_SO_DEBUG;
 break;
- case 'E':
- options |= F_SO_EVIL;
- break;
 case 'f':
 if (uid) {
 errno = EPERM;
@@ -551,10 +547,6 @@ main(argc, argv)
 if (options & F_SO_DONTROUTE)
 (void)setsockopt(s, SOL_SOCKET, SO_DONTROUTE, (char *)&hold,
 sizeof(hold));
- if (options & F_SO_EVIL)
- if (setsockopt(s, IPPROTO_IP, IP_EVIL_INTENT, (char *)&hold,
- sizeof(hold)) != 0)
- err(EX_OSERR, "setsockopt(s, IPPROTO_IP, IP_EVIL_INTENT, ...)");
 #ifdef IPSEC
 #ifdef IPSEC_POLICY_IPSEC
 if (options & F_POLICY) {
@@ -601,8 +593,6 @@ main(argc, argv)
 ip->ip_tos = tos;
 ip->ip_id = 0;
 ip->ip_off = df ? IP_DF : 0;
- if (options & F_SO_EVIL)
- ip->ip_off |= IP_EF;
 ip->ip_ttl = ttl;
 ip->ip_p = IPPROTO_ICMP;
 ip->ip_src.s_addr = source ? sock_in.sin_addr.s_addr : INADDR_ANY;
@@ -1001,8 +991,6 @@ pr_pack(buf, cc, from, tv)
 (void)printf(" ttl=%d", ip->ip_ttl);
 if (timing)
 (void)printf(" time=%.3f ms", triptime);
- if (ip->ip_off & IP_EF)
- (void)printf(" (EVIL)");
 if (dupflag)
 (void)printf(" (DUP!)");
 if (options & F_AUDIBLE)
diff --git a/share/man/man4/inet.4 b/share/man/man4/inet.4
index 3cf03f8f15a4..d15c204dc545 100644
--- a/share/man/man4/inet.4
+++ b/share/man/man4/inet.4
@@ -261,17 +261,6 @@ adaptation described above.
 .Pq ip.rtmaxcache
 Integer: trigger level of cached, unreferenced, protocol-cloned routes
 which initiates dynamic adaptation (default 128).
-.It Dv IPCTL_RFC3514
-.Pq ip.rfc3514
-Boolean: Enable support for RFC3514. Defaults to off.
-.It Dv IPCTL_SPEAK_NO_EVIL
-.Pq ip.speak_no_evil
-Boolean: Prevent the transmission of RFC3514 (EVIL) packets.
-Defaults to off.
-.It Dv IPCTL_HEAR_NO_EVIL
-.Pq ip.hear_no_evil
-Boolean: Prevent the reception of RFC3514 (EVIL) packets.
-Defaults to off.
 .El
 .Sh SEE ALSO
 .Xr ioctl 2 ,
diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4
index 48962147c51d..713001469614 100644
--- a/share/man/man4/ip.4
+++ b/share/man/man4/ip.4
@@ -164,15 +164,6 @@ control message from
 can be used directly as a control message for
 .Xr sendmsg 2 .
 .Pp
-.Dv IP_EVIL_INTENT can be used to specify that IP packets should have their
-EVIL option set as per RFC3514.
-The cmsghdr fields should have the following values:
-.Bd -literal
-cmsg_len = sizeof(struct in_addr)
-cmsg_level = IPPROTO_IP
-cmsg_type = IP_EVIL_INTENT
-.Ed
-.Pp
 .Dv IP_PORTRANGE
 may be used to set the port range used for selecting a local port number
 on a socket with an unspecified (zero) port number.
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index 49f83e5b82ad..83eeae78b9d7 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -399,8 +399,6 @@ __END_DECLS
 #define IP_DUMMYNET_FLUSH 62 /* flush dummynet */
 #define IP_DUMMYNET_GET 64 /* get entire dummynet pipes */
 
-#define IP_EVIL_INTENT 65 /* RFC3514 */
-
 /*
  * Defaults and limits for options
  */
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index eb02c6e2e71c..efb7862a5407 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -276,7 +276,6 @@ struct inpcbinfo { /* XXX documentation, prefixes */
 #define INP_RECVIF 0x80 /* receive incoming interface */
 #define INP_MTUDISC 0x100 /* user can do MTU discovery */
 #define INP_FAITH 0x200 /* accept FAITH'ed connections */
-#define INP_EVIL 0x400 /* Packet has evil intentions */
 
 #define IN6P_IPV6_V6ONLY 0x008000 /* restrict AF_INET6 socket for v6 */
 
diff --git a/sys/netinet/ip.h b/sys/netinet/ip.h
index 6efdc0cd65c3..24f66ceb24db 100644
--- a/sys/netinet/ip.h
+++ b/sys/netinet/ip.h
@@ -62,7 +62,6 @@ struct ip {
 u_short ip_id; /* identification */
 u_short ip_off; /* fragment offset field */
 #define IP_RF 0x8000 /* reserved fragment flag */
-#define IP_EF 0x8000 /* evil flag, per RFC 3514 */
 #define IP_DF 0x4000 /* dont fragment flag */
 #define IP_MF 0x2000 /* more fragments flag */
 #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index e80ea2de7ab6..e26cc8dd55fe 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -134,11 +134,6 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW,
 &ip_sendsourcequench, 0,
 "Enable the transmission of source quench packets");
 
-static int hear_no_evil = 0;
-SYSCTL_INT(_net_inet_ip, OID_AUTO, hear_no_evil, CTLFLAG_RW,
- &hear_no_evil, 0,
- "Drop all received EVIL packets.");
-
 /*
  * XXX - Setting ip_checkinterface mostly implements the receive side of
  * the Strong ES model described in RFC 1122, but since the routing table
@@ -411,15 +406,6 @@ ip_input(struct mbuf *m)
 }
 ip->ip_off = ntohs(ip->ip_off);
 
- /*
- * Check for RFC3514 (EVIL) packets.
- */
- if (ip->ip_off & IP_EF) {
- ipstat.ips_evil++;
- if (hear_no_evil)
- goto bad;
- }
-
 /*
  * Check that the amount of data in the buffers
  * is as at least much as the IP header would have us expect.
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 3b715168dbca..c00ac4cd512e 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -101,13 +101,6 @@ int mbuf_frag_size = 0;
 SYSCTL_INT(_net_inet_ip, OID_AUTO, mbuf_frag_size, CTLFLAG_RW,
 &mbuf_frag_size, 0, "Fragment outgoing mbufs to this size");
 #endif
-static int ip_do_rfc3514 = 0;
-SYSCTL_INT(_net_inet_ip, OID_AUTO, rfc3514, CTLFLAG_RW,
- &ip_do_rfc3514, 0, "IPv4 Header Security Flag Support");
-
-static int speak_no_evil = 0;
-SYSCTL_INT(_net_inet_ip, OID_AUTO, speak_no_evil, CTLFLAG_RW,
- &speak_no_evil, 0, "Drop all EVIL packets before output.");
 
 static struct mbuf *ip_insertoptions(struct mbuf *, struct mbuf *, int *);
 static struct ifnet *ip_multicast_if(struct in_addr *, int *);
@@ -235,7 +228,7 @@ ip_output(m0, opt, ro, flags, imo, inp)
 if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
 ip->ip_v = IPVERSION;
 ip->ip_hl = hlen >> 2;
- ip->ip_off &= IP_DF|IP_EF;
+ ip->ip_off &= IP_DF;
 #ifdef RANDOM_IP_ID
 ip->ip_id = ip_randomid();
 #else
@@ -246,17 +239,6 @@ ip_output(m0, opt, ro, flags, imo, inp)
 hlen = ip->ip_hl << 2;
 }
 
- /* RFC3514 */
- if ((inp != NULL) && /* Originated */
- ip_do_rfc3514 && /* Supported */
- ((inp->inp_flags & INP_EVIL) == INP_EVIL)) /* Optioned */
- ip->ip_off |= IP_EF;
-
- if (speak_no_evil && (ip->ip_off & IP_EF)) {
- error = EACCES;
- goto bad;
- }
-
 #ifdef FAST_IPSEC
 if (ro == NULL) {
 ro = &iproute;
@@ -1444,7 +1426,6 @@ ip_ctloutput(so, sopt)
 case IP_RECVDSTADDR:
 case IP_RECVIF:
 case IP_FAITH:
- case IP_EVIL_INTENT:
 error = sooptcopyin(sopt, &optval, sizeof optval,
 sizeof optval);
 if (error)
@@ -1483,12 +1464,6 @@ ip_ctloutput(so, sopt)
 case IP_FAITH:
 OPTSET(INP_FAITH);
 break;
- case IP_EVIL_INTENT:
- if (ip_do_rfc3514) {
- OPTSET(INP_EVIL);
- } else
- error = EINVAL;
- break;
 }
 break;
 #undef OPTSET
@@ -1581,7 +1556,6 @@ ip_ctloutput(so, sopt)
 case IP_RECVIF:
 case IP_PORTRANGE:
 case IP_FAITH:
- case IP_EVIL_INTENT:
 switch (sopt->sopt_name) {
 
 case IP_TOS:
@@ -1622,9 +1596,6 @@ ip_ctloutput(so, sopt)
 case IP_FAITH:
 optval = OPTBIT(INP_FAITH);
 break;
- case IP_EVIL_INTENT:
- optval = OPTBIT(INP_EVIL);
- break;
 }
 error = sooptcopyout(sopt, &optval, sizeof optval);
 break;
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index 4e9907b12b2d..c8df2e673e4a 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -132,7 +132,6 @@ struct ipstat {
 u_long ips_notmember; /* multicasts for unregistered grps */
 u_long ips_nogif; /* no match gif found */
 u_long ips_badaddr; /* invalid address on header */
- u_long ips_evil; /* EVIL packets received */
 };
 
 #ifdef _KERNEL
diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c
index 3aa486e3bb5c..d608e1a3ba02 100644
--- a/usr.bin/netstat/inet.c
+++ b/usr.bin/netstat/inet.c
@@ -568,7 +568,6 @@ ip_stats(u_long off __unused, const char *name, int af1 __unused)
 p(ips_cantfrag, "\t%lu datagram%s that can't be fragmented\n");
 p(ips_nogif, "\t%lu tunneling packet%s that can't find gif\n");
 p(ips_badaddr, "\t%lu datagram%s with bad address in header\n");
- p(ips_evil, "\t%lu EVIL datagram%s received.\n");
 #undef p
 #undef p1a
 }