In regular forwarding path, reject packets destined for 169.254.0.0/16

link-local addresses. See RFC 3927 section 2.7.
This commit is contained in:
Bruce M Simpson 2007-02-03 06:45:51 +00:00
parent 9d5ef0737d
commit f8429ca2e1
2 changed files with 7 additions and 1 deletions

View File

@ -141,7 +141,7 @@ in_canforward(in)
register u_long i = ntohl(in.s_addr);
register u_long net;
if (IN_EXPERIMENTAL(i) || IN_MULTICAST(i))
if (IN_EXPERIMENTAL(i) || IN_MULTICAST(i) || IN_LINKLOCAL(i))
return (0);
if (IN_CLASSA(i)) {
net = i & IN_CLASSA_NET;

View File

@ -528,6 +528,12 @@ ip_input(struct mbuf *m)
#endif
}
}
/* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */
if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) {
ipstat.ips_cantforward++;
m_freem(m);
return;
}
if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
struct in_multi *inm;
if (ip_mrouter) {