In regular forwarding path, reject packets destined for 169.254.0.0/16
link-local addresses. See RFC 3927 section 2.7.
This commit is contained in:
parent
9d5ef0737d
commit
f8429ca2e1
@ -141,7 +141,7 @@ in_canforward(in)
|
||||
register u_long i = ntohl(in.s_addr);
|
||||
register u_long net;
|
||||
|
||||
if (IN_EXPERIMENTAL(i) || IN_MULTICAST(i))
|
||||
if (IN_EXPERIMENTAL(i) || IN_MULTICAST(i) || IN_LINKLOCAL(i))
|
||||
return (0);
|
||||
if (IN_CLASSA(i)) {
|
||||
net = i & IN_CLASSA_NET;
|
||||
|
@ -528,6 +528,12 @@ ip_input(struct mbuf *m)
|
||||
#endif
|
||||
}
|
||||
}
|
||||
/* RFC 3927 2.7: Do not forward datagrams for 169.254.0.0/16. */
|
||||
if (IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) {
|
||||
ipstat.ips_cantforward++;
|
||||
m_freem(m);
|
||||
return;
|
||||
}
|
||||
if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
|
||||
struct in_multi *inm;
|
||||
if (ip_mrouter) {
|
||||
|
Loading…
Reference in New Issue
Block a user