From: Vipin Kumar <[email protected]> Block martian address configuration on an interface and also block from getting installed into the zebra tables.
Idea behind the fix was to not allow martian address configurations in quagga and also block any connected martian address installation coming from kernel
Signed-off-by: Vipin Kumar <[email protected]>
---
 lib/prefix.h | 15 ++++++++++++++-
 zebra/connected.c | 6 ++++++
 zebra/interface.c | 12 ++++++++++++
 3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/lib/prefix.h b/lib/prefix.h
index a517d79..779c68e 100644
--- a/lib/prefix.h
+++ b/lib/prefix.h
@@ -234,13 +234,26 @@ extern void masklen2ip6 (const int, struct in6_addr *);
 extern void str2in6_addr (const char *, struct in6_addr *);
 extern const char *inet6_ntoa (struct in6_addr);
+static inline int ipv6_martian (struct in6_addr *addr)
+{
+ struct in6_addr localhost_addr;
+
+ inet_pton (AF_INET6, "::1", &localhost_addr);
+
+ if (IPV6_ADDR_SAME(&localhost_addr, addr))
+ return 1;
+
+ return 0;
+}
+
 #endif /* HAVE_IPV6 */
 extern int all_digit (const char *);
+/* NOTE: This routine expects the address argument in network byte order. */
 static inline int ipv4_martian (struct in_addr *addr)
 {
- in_addr_t ip = addr->s_addr;
+ in_addr_t ip = ntohl(addr->s_addr);
 if (IPV4_NET0(ip) || IPV4_NET127(ip) || IPV4_CLASS_DE(ip)) {
 return 1;
diff --git a/zebra/connected.c b/zebra/connected.c
index c531d3e..25d49db 100644
--- a/zebra/connected.c
+++ b/zebra/connected.c
@@ -210,6 +210,9 @@ connected_add_ipv4 (struct interface *ifp, int flags, struct in_addr *addr,
 struct prefix_ipv4 *p;
 struct connected *ifc;
+ if (ipv4_martian(addr))
+ return;
+
 /* Make connected structure. */
 ifc = connected_new ();
 ifc->ifp = ifp;
@@ -371,6 +374,9 @@ connected_add_ipv6 (struct interface *ifp, int flags, struct in6_addr *addr,
 struct prefix_ipv6 *p;
 struct connected *ifc;
+ if (ipv6_martian(addr))
+ return;
+
 /* Make connected structure. */
 ifc = connected_new ();
 ifc->ifp = ifp;
diff --git a/zebra/interface.c b/zebra/interface.c
index 98e9b10..967bd6c 100644
--- a/zebra/interface.c
+++ b/zebra/interface.c
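Review bot: The new `ipv6_martian` in lib/prefix.h re-parses the literal "::1" with `inet_pton` on every call and never checks the result, so in the unlikely case the parse fails the compare reads an uninitialised `localhost_addr`; `return IN6_IS_ADDR_LOOPBACK (addr) ? 1 : 0;` performs the same test with no temporary. The IPv6 filter is also far narrower than the IPv4 one in the same hunk (net 0, net 127, class D/E by the macro names): the unspecified address `::` and multicast still pass, and if that is deliberate a comment on the function should say so. The added `ntohl` changes the contract of `ipv4_martian` for every includer of this header, so any caller outside this diff that already passes a host-order value would now be converted twice and should be audited. The body of `ipv4_martian` continues past the end of the hunk.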
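Review bot: The early `return` added to `connected_add_ipv4` in zebra/connected.c discards a kernel-reported address without logging anything, so zebra's view of the interface silently diverges from the kernel's and nobody troubleshooting a missing address can see why; the `ipv6_martian` check added to `connected_add_ipv6` in the following hunk has the same gap. Going by the `IPV4_NET127` test in `ipv4_martian`, this presumably also drops the loopback interface's own 127/8 address, which is worth confirming against code that expects it in the connected list. A debug line before each return would make the filtering auditable, for example `zlog_debug ("%s: ignoring martian address on %s", __func__, ifp->name);`. Both functions start and end outside their hunks.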
@@ -1417,6 +1417,12 @@ ip_address_install (struct vty *vty, struct interface *ifp,
 return CMD_WARNING;
 }
+ if (ipv4_martian(&cp.prefix))
+ {
+ vty_out (vty, "%% Invalid address%s", VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
 ifc = connected_check (ifp, (struct prefix *) &cp);
 if (! ifc)
 {
@@ -1601,6 +1607,12 @@ ipv6_address_install (struct vty *vty, struct interface *ifp,
 return CMD_WARNING;
 }
+ if (ipv6_martian(&cp.prefix))
+ {
+ vty_out (vty, "%% Invalid address%s", VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
 ifc = connected_check (ifp, (struct prefix *) &cp);
 if (! ifc)
 {
-- 
1.9.1
_______________________________________________
Quagga-dev mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-dev
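Review bot: The rejection added to `ip_address_install` in zebra/interface.c prints only the generic `%% Invalid address`, which gives the operator no hint that the address was well-formed and was refused as a martian; the identical message is added to `ipv6_address_install` in the next hunk. Wording such as `vty_out (vty, "%% Martian address not allowed%s", VTY_NEWLINE);` would separate a policy rejection from a syntax error. If these handlers also run when a saved configuration is read, which the hunk does not show, an existing config that assigns a loopback-range address to an interface would start returning CMD_WARNING after this change, and the commit message should state that. Both functions extend beyond the lines shown.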
