From 0af8d3ec72cea0f5188c624024c341b7a2fc3ecd Mon Sep 17 00:00:00 2001 From: David Greenman Date: Wed, 8 Jul 1998 08:49:51 +0000 Subject: [PATCH] When not acting as a router (ipforwarding=0), silently discard source routed packets that aren't destined for us, as required by RFC-1122. PR: 7191 --- sys/netinet/ip_input.c | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index c9263a675e0c..93834a023fac 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 - * $Id: ip_input.c,v 1.94 1998/07/06 09:06:58 julian Exp $ + * $Id: ip_input.c,v 1.95 1998/07/06 09:10:56 julian Exp $ * $ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $ */ @@ -1029,16 +1029,27 @@ ip_dooptions(m) } if (!ip_dosourceroute) { - char buf[4*sizeof "123"]; - + if (ipforwarding) { + char buf[16]; /* aaa.bbb.ccc.ddd\0 */ + /* + * Acting as a router, so generate ICMP + */ nosourcerouting: - strcpy(buf, inet_ntoa(ip->ip_dst)); - log(LOG_WARNING, - "attempted source route from %s to %s\n", - inet_ntoa(ip->ip_src), buf); - type = ICMP_UNREACH; - code = ICMP_UNREACH_SRCFAIL; - goto bad; + strcpy(buf, inet_ntoa(ip->ip_dst)); + log(LOG_WARNING, + "attempted source route from %s to %s\n", + inet_ntoa(ip->ip_src), buf); + type = ICMP_UNREACH; + code = ICMP_UNREACH_SRCFAIL; + goto bad; + } else { + /* + * Not acting as a router, so silently drop. + */ + ipstat.ips_cantforward++; + m_freem(m); + return (1); + } } /*