Hi Vipin,
When I made my comment earlier I had in mind a broader definition
of martian addresses. I looked again at the function in prefix.h and the
macros it calls, and it makes sense now.
Another comment inline.
On 11/17/2015 3:58 PM, Vipin Kumar wrote:
Hi Jafar,
Do you have a use-case in mind for the behavior prior to this fix/change ?
Thanks
Vipin
On Tue, Nov 17, 2015 at 9:13 AM, Jafar Al-Gharaibeh <[email protected]
<mailto:[email protected]>> wrote:
Does this patch adds the ability to configure Quagga to block
martian addresses? or does it just block martians address once and
for all?
--Jafar
On 11/13/2015 1:19 PM, Donald Sharp wrote:
From: Vipin Kumar <[email protected]
<mailto:[email protected]>>
Block martian address configuration on an interface and also
block from
getting installed into the zebra tables.
Idea behind the fix was to not allow martian address
configurations in quagga
and also block any connected martian address installation
coming from kernel
Signed-off-by: Vipin Kumar <[email protected]
<mailto:[email protected]>>
---
lib/prefix.h | 15 ++++++++++++++-
zebra/connected.c | 6 ++++++
zebra/interface.c | 12 ++++++++++++
3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/lib/prefix.h b/lib/prefix.h
index bc8aebc..4c5b7b7 100644
--- a/lib/prefix.h
+++ b/lib/prefix.h
@@ -233,13 +233,26 @@ extern void masklen2ip6 (const int,
struct in6_addr *);
extern void str2in6_addr (const char *, struct in6_addr *);
extern const char *inet6_ntoa (struct in6_addr);
+static inline int ipv6_martian (struct in6_addr *addr)
+{
+ struct in6_addr localhost_addr;
+
+ inet_pton (AF_INET6, "::1", &localhost_addr);
+
+ if (IPV6_ADDR_SAME(&localhost_addr, addr))
+ return 1;
+
+ return 0;
+}
+
#endif /* HAVE_IPV6 */
extern int all_digit (const char *);
+/* NOTE: This routine expects the address argument in
network byte order. */
static inline int ipv4_martian (struct in_addr *addr)
{
- in_addr_t ip = addr->s_addr;
+ in_addr_t ip = ntohl(addr->s_addr);
if (IPV4_NET0(ip) || IPV4_NET127(ip) || IPV4_CLASS_DE(ip)) {
return 1;
Does that mean the only current call to ipv4_marian() in
bgb_zebra.c is actually given the wrong answer, since the macros expect
a host byte order ? Probably The NOTE should read (to avoid future
confusion):
+/* NOTE: This routine expects the address argument in network
byte order. While the underlying macros expect a host byte order*/
Thanks,
Jafar
diff --git a/zebra/connected.c b/zebra/connected.c
index d34daca..af2cbbd 100644
--- a/zebra/connected.c
+++ b/zebra/connected.c
@@ -210,6 +210,9 @@ connected_add_ipv4 (struct interface *ifp,
int flags, struct in_addr *addr,
struct prefix_ipv4 *p;
struct connected *ifc;
+ if (ipv4_martian(addr))
+ return;
+
/* Make connected structure. */
ifc = connected_new ();
ifc->ifp = ifp;
@@ -371,6 +374,9 @@ connected_add_ipv6 (struct interface *ifp,
int flags, struct in6_addr *addr,
struct prefix_ipv6 *p;
struct connected *ifc;
+ if (ipv6_martian(addr))
+ return;
+
/* Make connected structure. */
ifc = connected_new ();
ifc->ifp = ifp;
diff --git a/zebra/interface.c b/zebra/interface.c
index 15c0e91..91cea6d 100644
--- a/zebra/interface.c
+++ b/zebra/interface.c
@@ -1417,6 +1417,12 @@ ip_address_install (struct vty *vty,
struct interface *ifp,
return CMD_WARNING;
}
+ if (ipv4_martian(&cp.prefix))
+ {
+ vty_out (vty, "%% Invalid address%s", VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
ifc = connected_check (ifp, (struct prefix *) &cp);
if (! ifc)
{
@@ -1601,6 +1607,12 @@ ipv6_address_install (struct vty *vty,
struct interface *ifp,
return CMD_WARNING;
}
+ if (ipv6_martian(&cp.prefix))
+ {
+ vty_out (vty, "%% Invalid address%s", VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
ifc = connected_check (ifp, (struct prefix *) &cp);
if (! ifc)
{
_______________________________________________
Quagga-dev mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-dev
_______________________________________________
Quagga-dev mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-dev
