Hi Jafar, Do you have a use-case in mind for the behavior prior to this fix/change?
Thanks Vipin On Tue, Nov 17, 2015 at 9:13 AM, Jafar Al-Gharaibeh <[email protected]> wrote:
> Does this patch adds the ability to configure Quagga to block martian
> addresses? or does it just block martians address once and for all?
>
> --Jafar
>
>
> On 11/13/2015 1:19 PM, Donald Sharp wrote:
>
>> From: Vipin Kumar <[email protected]>
>>
>> Block martian address configuration on an interface and also block from
>> getting installed into the zebra tables.
>>
>> Idea behind the fix was to not allow martian address configurations in
>> quagga
>> and also block any connected martian address installation coming from
>> kernel
>>
>> Signed-off-by: Vipin Kumar <[email protected]>
>> ---
>> lib/prefix.h | 15 ++++++++++++++-
>> zebra/connected.c | 6 ++++++
>> zebra/interface.c | 12 ++++++++++++
>> 3 files changed, 32 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/prefix.h b/lib/prefix.h
>> index bc8aebc..4c5b7b7 100644
>> --- a/lib/prefix.h
>> +++ b/lib/prefix.h
>> @@ -233,13 +233,26 @@ extern void masklen2ip6 (const int, struct in6_addr
>> *);
>> extern void str2in6_addr (const char *, struct in6_addr *);
>> extern const char *inet6_ntoa (struct in6_addr);
>> +static inline int ipv6_martian (struct in6_addr *addr)
>> +{
>> + struct in6_addr localhost_addr;
>> +
>> + inet_pton (AF_INET6, "::1", &localhost_addr);
>> +
>> + if (IPV6_ADDR_SAME(&localhost_addr, addr))
>> + return 1;
>> +
>> + return 0;
>> +}
>> +
>> #endif /* HAVE_IPV6 */
>> extern int all_digit (const char *);
>> +/* NOTE: This routine expects the address argument in network byte
>> order. */
>> static inline int ipv4_martian (struct in_addr *addr)
>> {
>> - in_addr_t ip = addr->s_addr;
>> + in_addr_t ip = ntohl(addr->s_addr);
>> if (IPV4_NET0(ip) || IPV4_NET127(ip) || IPV4_CLASS_DE(ip)) {
>> return 1;
>> diff --git a/zebra/connected.c b/zebra/connected.c
>> index d34daca..af2cbbd 100644
>> --- a/zebra/connected.c
>> +++ b/zebra/connected.c
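Review bot: `ipv6_martian` rejects only `::1`, while `ipv4_martian` in the same hunk rejects 0/8, 127/8 and class D/E, so the unspecified address `::` and multicast `ff00::/8` still pass the IPv6 check; if the intent is parity with IPv4, add `IN6_IS_ADDR_UNSPECIFIED(addr) || IN6_IS_ADDR_MULTICAST(addr)` to the test. The helper also re-parses the literal with `inet_pton` on every call and ignores its return value; `return IN6_IS_ADDR_LOOPBACK(addr) ? 1 : 0;` performs the same comparison without the parse. Separately, adding `ntohl` changes what `ipv4_martian` matches for every existing caller, so callers outside this patch should be checked to confirm they pass network byte order as the new comment requires.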
>> @@ -210,6 +210,9 @@ connected_add_ipv4 (struct interface *ifp, int flags,
>> struct in_addr *addr,
>> struct prefix_ipv4 *p;
>> struct connected *ifc;
>> + if (ipv4_martian(addr))
>> + return;
>> +
>> /* Make connected structure. */
>> ifc = connected_new ();
>> ifc->ifp = ifp;
>> @@ -371,6 +374,9 @@ connected_add_ipv6 (struct interface *ifp, int flags,
>> struct in6_addr *addr,
>> struct prefix_ipv6 *p;
>> struct connected *ifc;
>> + if (ipv6_martian(addr))
>> + return;
>> +
>> /* Make connected structure. */
>> ifc = connected_new ();
>> ifc->ifp = ifp;
>> diff --git a/zebra/interface.c b/zebra/interface.c
>> index 15c0e91..91cea6d 100644
>> --- a/zebra/interface.c
>> +++ b/zebra/interface.c
>> @@ -1417,6 +1417,12 @@ ip_address_install (struct vty *vty, struct
>> interface *ifp,
>> return CMD_WARNING;
>> }
>> + if (ipv4_martian(&cp.prefix))
>> + {
>> + vty_out (vty, "%% Invalid address%s", VTY_NEWLINE);
>> + return CMD_WARNING;
>> + }
>> +
>> ifc = connected_check (ifp, (struct prefix *) &cp);
>> if (! ifc)
>> {
>> @@ -1601,6 +1607,12 @@ ipv6_address_install (struct vty *vty, struct
>> interface *ifp,
>> return CMD_WARNING;
>> }
>> + if (ipv6_martian(&cp.prefix))
>> + {
>> + vty_out (vty, "%% Invalid address%s", VTY_NEWLINE);
>> + return CMD_WARNING;
>> + }
>> +
>> ifc = connected_check (ifp, (struct prefix *) &cp);
>> if (! ifc)
>> {
>>
>
>
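Review bot: The early `return` in `connected_add_ipv4` (and the identical one in `connected_add_ipv6`) drops a kernel-reported address without logging, so zebra's connected list can diverge from the kernel's with nothing for an operator to see. A line such as `zlog_debug ("%s: ignoring martian address on %s", __func__, ifp->name);` before the return would make the drop traceable. Because `ipv4_martian` covers 127/8 and `ipv6_martian` covers `::1`, this presumably also hides the loopback interface's own addresses from zebra; a comment stating that this is intended would answer the use-case question raised in the thread. Both function bodies continue outside their hunks.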
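Review bot: The new rejection in `ip_address_install` (and the matching one in `ipv6_address_install`) prints the bare `% Invalid address`, which does not tell the operator that the address parsed correctly and was refused as martian; something like `vty_out (vty, "%% Martian address not allowed%s", VTY_NEWLINE);` would make the reason explicit. If this function is also the path taken when a saved configuration is read at startup (not visible here), an existing config that assigns a 127/8 or `::1` address would begin failing on that line after upgrade, which deserves a mention in the commit message. Both function bodies start and end outside their hunks.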
