In regular forwarding path, reject packets destined for 169.254.0.0/16

link-local addresses. See RFC 3927 section 2.7.
2007-02-03 06:45:51 +00:00 · 2007-02-03 06:45:51 +00:00 · b6b883252e
commit b6b883252e
parent 6443ab2e87
2 changed files with 7 additions and 1 deletions
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@ -141,7 +141,7 @@ in_canforward(in)
 	register u_long i = ntohl(in.s_addr);
 	register u_long net;

-	if (IN_EXPERIMENTAL(i) || IN_MULTICAST(i))
+	if (IN_EXPERIMENTAL(i) || IN_MULTICAST(i) || IN_LINKLOCAL(i))
 		return (0);
 	if (IN_CLASSA(i)) {
 		net = i & IN_CLASSA_NET;
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@ -528,6 +528,12 @@ ip_input(struct mbuf *m)
 #endif
 		}
 	}
+	/* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */
+	if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) {
+		ipstat.ips_cantforward++;
+		m_freem(m);
+		return;
+	}
 	if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
 		struct in_multi *inm;
 		if (ip_mrouter) {