Page MenuHomeFreeBSD
Differential D32914

Add net.inet.ip.source_address_validation
ClosedPublic
Actions

Authored by glebius on Nov 9 2021, 8:35 PM.
Tags
None
Referenced Files
F115821242: D32914.diff
Tue, Apr 29, 3:41 AM
Unknown Object (File)
Tue, Apr 22, 6:04 PM
Unknown Object (File)
Sun, Apr 13, 11:53 PM
Unknown Object (File)
Fri, Apr 11, 9:44 AM
Unknown Object (File)
Fri, Apr 11, 9:37 AM
Unknown Object (File)
Mar 25 2025, 10:24 PM
Unknown Object (File)
Feb 27 2025, 3:22 AM
Unknown Object (File)
Feb 26 2025, 1:08 PM
View All Files
Subscribers
imp
melifaro
zlei

Details

Reviewers
rrs
donner
kp
melifaro
Group Reviewers
manpages
network
Commits
rG2ce85919bbba: Add net.inet.ip.source_address_validation
Summary

Drop packets arriving from the network that have our source IP
address. If maliciously crafted they can create evil effects
like an RST exchange between two of our listening TCP ports.
Such packets just can't be legitimate. Enable the tunable
by default. Long time due for a modern Internet host.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 42712
Build 39600: arc lint + arc unit

Event Timeline

glebius created this revision.Nov 9 2021, 8:35 PM
Herald added a reviewer: manpages. · View Herald TranscriptNov 9 2021, 8:35 PM
Herald added subscribers: melifaro, imp. · View Herald Transcript
glebius requested review of this revision.Nov 9 2021, 8:35 PM
Harbormaster completed remote builds in B42683: Diff 98269.Nov 9 2021, 8:35 PM
glebius added a parent revision: D32913: ip_input: packet filters shall not modify m_pkthdr.rcvif.Nov 9 2021, 8:35 PM
glebius added reviewers: network, rrs.Nov 9 2021, 8:35 PM
glebius added a child revision: D32915: Add net.inet6.ip6.source_address_validation.Nov 9 2021, 8:36 PM
donner accepted this revision as: donner.Nov 9 2021, 9:47 PM
This revision is now accepted and ready to land.Nov 9 2021, 9:47 PM
kp accepted this revision as: kp.Nov 10 2021, 9:49 AM
glebius updated this revision to Diff 98338.Nov 11 2021, 12:30 AM

Use in_localip_fib().

This revision now requires review to proceed.Nov 11 2021, 12:30 AM
Harbormaster completed remote builds in B42712: Diff 98338.Nov 11 2021, 12:31 AM
donner accepted this revision.Nov 11 2021, 7:55 AM

Thank you for including the fib.

This revision is now accepted and ready to land.Nov 11 2021, 7:55 AM
melifaro accepted this revision.Nov 11 2021, 9:23 AM
zlei added a subscriber: zlei.Nov 12 2021, 7:17 AM
Closed by commit rG2ce85919bbba: Add net.inet.ip.source_address_validation (authored by glebius). · Explain WhyNov 12 2021, 5:07 PM
This revision was automatically updated to reflect the committed changes.
glebius added a commit: rG2ce85919bbba: Add net.inet.ip.source_address_validation.

Revision Contents
Changeset List

PathSize
share/
man/
man4/
10 lines
sys/
netinet/
16 lines

Diff 98338

View Options

share/man/man4/inet.4

Loading...
View Options

sys/netinet/ip_input.c

Loading...