svn commit: r361752 - head/sys/netinet
Rodney W. Grimes
freebsd at gndrsh.dnsmgr.net
Wed Jun 3 14:35:29 UTC 2020
> Author: rrs
> Date: Wed Jun 3 14:16:40 2020
> New Revision: 361752
> URL: https://svnweb.freebsd.org/changeset/base/361752
>
> Log:
> We should never allow either the broadcast or IN_ADDR_ANY to be
> connected to or sent to. This was found when working with Michael
> Tuexen and Skyzaller. Skyzaller seems to want to use either of
> these two addresses to connect to at times. And it really is
> an error to do so, so let's not allow that behavior.
It would be preferable if possible to use the macros from
netinet/in.h.
#define INADDR_ANY ((in_addr_t)0x00000000)
#define in_nullhost(x) ((x).s_addr == INADDR_ANY)
There is an in_broadcast, but that's a function doing a
more complicated test checking for all possible local
broadcast addresses, which may be what you really want
to do here.
I am also finding it odd that we need to do this at the TCP layer,
there should already be stuff in place that prevents this from
occurring at the IP layer. I guess this stuff is set up and ends
up in a tcb, that later fails when it goes to xmit a packet?
>
> Sponsored by: Netflix Inc.
> Differential Revision: https://reviews.freebsd.org/D24852
>
> Modified:
> head/sys/netinet/tcp_usrreq.c
>
> Modified: head/sys/netinet/tcp_usrreq.c
> ==============================================================================
> --- head/sys/netinet/tcp_usrreq.c Wed Jun 3 14:07:31 2020 (r361751)
> +++ head/sys/netinet/tcp_usrreq.c Wed Jun 3 14:16:40 2020 (r361752)
> @@ -552,6 +552,10 @@ tcp_usr_connect(struct socket *so, struct sockaddr *na
> if (sinp->sin_family == AF_INET
> && IN_MULTICAST(ntohl(sinp->sin_addr.s_addr)))
> return (EAFNOSUPPORT);
> + if ((sinp->sin_family == AF_INET) &&
> + ((ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) ||
> + (sinp->sin_addr.s_addr == INADDR_ANY)))
> + return(EAFNOSUPPORT);
> if ((error = prison_remote_ip4(td->td_ucred, &sinp->sin_addr)) != 0)
> return (error);
>
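Review bot: the new test in tcp_usr_connect() rejects only the limited broadcast address, because it compares against INADDR_BROADCAST alone; any other broadcast address still passes it. If the intent is to refuse every broadcast destination, consider the in_broadcast() function raised in the reply above, or add a comment stating that only INADDR_BROADCAST is covered. On style, `return(EAFNOSUPPORT);` should be `return (EAFNOSUPPORT);` to match the multicast check directly above it.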
> @@ -652,6 +656,11 @@ tcp6_usr_connect(struct socket *so, struct sockaddr *n
> error = EAFNOSUPPORT;
> goto out;
> }
> + if ((ntohl(sin.sin_addr.s_addr) == INADDR_BROADCAST) ||
> + (sin.sin_addr.s_addr == INADDR_ANY)) {
> + error = EAFNOSUPPORT;
> + goto out;
> + }
> if ((error = prison_remote_ip4(td->td_ucred,
> &sin.sin_addr)) != 0)
> goto out;
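Review bot: in tcp6_usr_connect() the two added comparisons handle byte order differently: the broadcast test wraps s_addr in ntohl() while the INADDR_ANY test compares the raw network-order value. Both constants read the same in either byte order, so the result is correct, but the mix is easy to copy wrongly for any other address; use in_nullhost(sin.sin_addr) for the second test or apply ntohl() to both. This is also the second copy of the same pair of tests in the patch, so a small shared macro or inline helper would keep the three call sites in step.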
> @@ -1019,6 +1028,13 @@ tcp_usr_send(struct socket *so, int flags, struct mbuf
> goto out;
> }
> if (IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) {
> + if (m)
> + m_freem(m);
> + error = EAFNOSUPPORT;
> + goto out;
> + }
> + if ((ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) ||
> + (sinp->sin_addr.s_addr == INADDR_ANY)) {
> if (m)
> m_freem(m);
> error = EAFNOSUPPORT;
>
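Review bot: the added branch in tcp_usr_send() repeats the cleanup of the IN_MULTICAST branch (free m, set error to EAFNOSUPPORT) instead of sharing it. Folding the broadcast and INADDR_ANY tests into the existing IN_MULTICAST condition with || would leave a single cleanup path to maintain. A one-line comment explaining why these destinations are refused would also help, since EAFNOSUPPORT is being returned here for an AF_INET address.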
--
Rod Grimes rgrimes at freebsd.org