git: 9406d7e32da7 - stable/14 - netinet: Do not forward or ICMP response to INADDR_ANY
Date: Fri, 07 Mar 2025 04:03:21 UTC
The branch stable/14 has been updated by zlei:
URL: https://cgit.FreeBSD.org/src/commit/?id=9406d7e32da718dce31e36190be308c61f87604e
commit 9406d7e32da718dce31e36190be308c61f87604e
Author: Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2025-03-02 15:00:42 +0000
Commit: Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2025-03-07 04:02:41 +0000
netinet: Do not forward or ICMP response to INADDR_ANY
The section 4 in the draft proposal [1] explicitly states that 0.0.0.0,
aka INADDR_ANY, retains its existing special meanings.
[1] https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-0
Reviewed by: glebius
Fixes: efe58855f3ea IPv4: experimental changes to allow net 0/8, 240/4, part of 127/8
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D49157
(cherry picked from commit f7174eb2b4c45573bb9e836edad2b179a445a88f)
---
sys/netinet/in.c | 3 ++-
sys/netinet/ip_icmp.c | 5 +++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index e30f63e5bec9..bb36ef18d3e2 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -278,7 +278,8 @@ in_canforward(struct in_addr in)
{
u_long i = ntohl(in.s_addr);
- if (IN_MULTICAST(i) || IN_LINKLOCAL(i) || IN_LOOPBACK(i))
+ if (IN_MULTICAST(i) || IN_LINKLOCAL(i) || IN_LOOPBACK(i) ||
+ in_nullhost(in))
return (0);
if (IN_EXPERIMENTAL(i) && !V_ip_allow_net240)
return (0);
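Review bot: The new `in_nullhost(in)` term in in_canforward() is unconditional, while the `IN_EXPERIMENTAL(i) && !V_ip_allow_net240` test right below it is gated by a knob, and nothing in the code says why the two differ. A short comment above the `if` stating that 0.0.0.0 keeps its special meaning and is never forwardable, whatever the V_ip_allow_* settings, would stop a later cleanup from folding it into a gated test. The condition also now mixes the host-order `i` with the raw `in`; that is correct because zero is the same in either byte order, but it is worth a word in the same comment.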
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 26ee6e5c1245..122293a36a15 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -790,10 +790,11 @@ icmp_reflect(struct mbuf *m)
if (IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
(IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net240) ||
- (IN_ZERONET(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net0) ) {
+ (IN_ZERONET(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net0) ||
+ in_nullhost(ip->ip_src) ) {
m_freem(m); /* Bad return address */
ICMPSTAT_INC(icps_badaddr);
- goto done; /* Ip_output() will check for broadcast */
+ goto done; /* ip_output() will check for broadcast */
}
t = ip->ip_dst;
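Review bot: In icmp_reflect() the added `in_nullhost(ip->ip_src)` term only changes behaviour when V_ip_allow_net0 is set, since `IN_ZERONET(...) && !V_ip_allow_net0` already covers the other case, and the condition gives no hint of that. A comment on the new term saying that a 0.0.0.0 source is never a valid return address even with net 0/8 allowed would make the intent clear. Separately, the "ip_output() will check for broadcast" comment being touched here sits on the `goto done` of the drop path, after `m_freem(m)`, where it reads as if it described the freed packet; moving it above the `if`, where it explains why broadcast is absent from the condition, would be cleaner, and the stray space in `in_nullhost(ip->ip_src) ) {` could go at the same time.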