CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/22 04:58:34
Modified files:
sys/netinet : ip_input.c
Log message:
don't forward packets with a source ip of 0.0.0.0.
my initial motivation here is that ip_output special cases 0.0.0.0
and replaces it with an ip from the local system under the assumption
that an unset ip originates from the local system.
in addition to this, my reading of rfc1122 makes me think it's
illegal from a standards point of view too, and sthen@ points out
that rfc6890 agrees. this makes fixing the stack problem easy because
we can just drop the packet.
this check is done for forwarded packets, but we should continue
to treat packets from 0.0.0.0 on a connected network as valid because
protocols like dhcp and igmp need to use it when they don't have
an ip yet. ie, we should accept packets from 0.0.0.0, but not forward
them.
i discovered this because there's a clever clogs dhcp implementation
somewhere at work that knows it hasn't got an address yet, but it tries
talking to the dhcp server that last gave it an ip, which is on a
different subnet in my topology. this means it sends a unicast ip packet
from 0.0.0.0 to the ip of my dhcp server via the gateway on that subnet,
which is pretty presumptuous of it.
ok sthen@ claudio@ deraadt@ job@
