From: Vipin Kumar <[email protected]> Block martian address configuration on an interface and also block from getting installed into the zebra tables.
Idea behind the fix was to not allow martian address configurations in quagga and also block any connected martian address installation coming from kernel
Signed-off-by: Vipin Kumar <[email protected]>
---
 lib/prefix.h | 15 ++++++++++++++-
 zebra/connected.c | 6 ++++++
 zebra/interface.c | 12 ++++++++++++
 3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/lib/prefix.h b/lib/prefix.h
index bc8aebc..4c5b7b7 100644
--- a/lib/prefix.h
+++ b/lib/prefix.h
@@ -233,13 +233,26 @@ extern void masklen2ip6 (const int, struct in6_addr *);
 extern void str2in6_addr (const char *, struct in6_addr *);
 extern const char *inet6_ntoa (struct in6_addr);
+static inline int ipv6_martian (struct in6_addr *addr)
+{
+ struct in6_addr localhost_addr;
+
+ inet_pton (AF_INET6, "::1", &localhost_addr);
+
+ if (IPV6_ADDR_SAME(&localhost_addr, addr))
+ return 1;
+
+ return 0;
+}
+
 #endif /* HAVE_IPV6 */
 extern int all_digit (const char *);
+/* NOTE: This routine expects the address argument in network byte order. */
 static inline int ipv4_martian (struct in_addr *addr)
 {
- in_addr_t ip = addr->s_addr;
+ in_addr_t ip = ntohl(addr->s_addr);
 if (IPV4_NET0(ip) || IPV4_NET127(ip) || IPV4_CLASS_DE(ip)) {
 return 1;
diff --git a/zebra/connected.c b/zebra/connected.c
index d34daca..af2cbbd 100644
--- a/zebra/connected.c
+++ b/zebra/connected.c
@@ -210,6 +210,9 @@ connected_add_ipv4 (struct interface *ifp, int flags, struct in_addr *addr,
 struct prefix_ipv4 *p;
 struct connected *ifc;
+ if (ipv4_martian(addr))
+ return;
+
 /* Make connected structure. */
 ifc = connected_new ();
 ifc->ifp = ifp;
@@ -371,6 +374,9 @@ connected_add_ipv6 (struct interface *ifp, int flags, struct in6_addr *addr,
 struct prefix_ipv6 *p;
 struct connected *ifc;
+ if (ipv6_martian(addr))
+ return;
+
 /* Make connected structure. */
 ifc = connected_new ();
 ifc->ifp = ifp;
diff --git a/zebra/interface.c b/zebra/interface.c
index 15c0e91..91cea6d 100644
--- a/zebra/interface.c
+++ b/zebra/interface.c
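Review bot: In lib/prefix.h the new `ipv6_martian` treats only `::1` as martian, so the unspecified address `::` and multicast `ff00::/8` still pass the checks this patch adds in connected_add_ipv6 and ipv6_address_install, whereas `ipv4_martian` rejects net 0, net 127 and class D/E. It also parses the literal with `inet_pton` on every call and ignores the return value; the standard macros avoid both, e.g. `return IN6_IS_ADDR_LOOPBACK (addr) || IN6_IS_ADDR_UNSPECIFIED (addr) || IN6_IS_ADDR_MULTICAST (addr);` if that wider set is what is intended. Separately, the `ntohl` added to `ipv4_martian` changes the contract for every existing caller of that inline; callers outside this patch are not visible here and should be checked to confirm they pass network byte order.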
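Review bot: The early `return;` added to connected_add_ipv4 in zebra/connected.c (and the matching one in the connected_add_ipv6 hunk after it) discards a kernel-reported address without any log line, so an operator cannot see why an address present on the interface is missing from zebra. Because `ipv4_martian` includes `IPV4_NET127`, this also covers 127.0.0.1 on the loopback interface, and `ipv6_martian` covers `::1`; whether anything relies on those connected entries cannot be told from these hunks. I would log the skip before returning, e.g. `zlog_debug ("%s: ignoring martian address on %s", __func__, ifp->name);`. Both function bodies continue outside their hunks.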
@@ -1417,6 +1417,12 @@ ip_address_install (struct vty *vty, struct interface *ifp,
 return CMD_WARNING;
 }
+ if (ipv4_martian(&cp.prefix))
+ {
+ vty_out (vty, "%% Invalid address%s", VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
 ifc = connected_check (ifp, (struct prefix *) &cp);
 if (! ifc)
 {
@@ -1601,6 +1607,12 @@ ipv6_address_install (struct vty *vty, struct interface *ifp,
 return CMD_WARNING;
 }
+ if (ipv6_martian(&cp.prefix))
+ {
+ vty_out (vty, "%% Invalid address%s", VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
 ifc = connected_check (ifp, (struct prefix *) &cp);
 if (! ifc)
 {
-- 
1.7.10.4
_______________________________________________
Quagga-dev mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-dev
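Review bot: The rejection added to ip_address_install in zebra/interface.c prints the generic `% Invalid address`, which does not tell the operator that the address was refused because it is martian; the same applies to the ipv6_address_install hunk. A specific message such as `vty_out (vty, "%% Martian address not allowed%s", VTY_NEWLINE);` would make the refusal diagnosable. This path presumably also runs when a saved configuration is read, so an existing config that assigns a 127/8 address to an interface would start failing on this line; that behaviour change deserves a sentence in the commit message. Both function bodies start and end outside the hunks.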
