The NetBSD Project

CVS log for src/sys/netinet/ip_input.c

[BACK] Up to [cvs.NetBSD.org] / src / sys / netinet

Request diff between arbitrary revisions


Default branch: MAIN
Current tag: netbsd-7-1


Revision 1.319.10.2 / (download) - annotate - [select for diffs], Tue Sep 17 18:08:13 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-7-1
Changes since 1.319.10.1: +19 -2 lines
Diff to previous 1.319.10.1 (colored) to branchpoint 1.319 (colored) next main 1.320 (colored)

Pull up following revision(s) (requested by bouyer in ticket #1708):

	sys/netinet6/ip6_input.c: revision 1.209 via patch
	sys/netinet/ip_input.c: revision 1.390 via patch

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.319.10.1 / (download) - annotate - [select for diffs], Fri Feb 9 14:05:29 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-7-1
CVS Tags: netbsd-7-1-2-RELEASE
Changes since 1.319: +4 -4 lines
Diff to previous 1.319 (colored)

Pull up following revision(s) (requested by maxv in ticket #1563):
	sys/netinet/ip_input.c: revision 1.366 (via patch)

Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
completely dumb idea, because they have security implications.

By sending an IPv4 packet containing an LSRR option, an attacker will
cause the system to forward the packet to another IPv4 address - and
this way he white-washes the source of the packet.

It is also possible for an attacker to reach hidden networks: if a server
has a public address, and a private one on an internal network (network
which has several internal machines connected), the attacker can send a
packet with:
        source = 0.0.0.0
        destination = public address of the server
        LSRR first address = address of a machine on the internal network
And the packet will be forwarded, by the server, to the internal machine,
in some cases even with the internal IP address of the server as a source.

Revision 1.319 / (download) - annotate - [select for diffs], Mon Jun 16 00:33:39 2014 UTC (9 years, 9 months ago) by ozaki-r
Branch: MAIN
CVS Tags: tls-maxphys-base, tls-earlyentropy-base, nick-nhusb-base, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-1-RELEASE, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE
Branch point for: nick-nhusb, netbsd-7-1, netbsd-7-0, netbsd-7
Changes since 1.318: +3 -3 lines
Diff to previous 1.318 (colored)

Add 3rd argument to pktq_create to pass sc

It will be used to pass bridge sc for bridge_forward softint.

ok rmind@

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>