Differential D32914

Add net.inet.ip.source_address_validation
ClosedPublic
Actions

Authored by glebius on Nov 9 2021, 8:35 PM.

Tags

None

Referenced Files

	F139443249: D32914.id98269.diff
	Fri, Dec 12, 3:49 AM

	F139401699: D32914.diff
	Thu, Dec 11, 5:10 PM

	Unknown Object (File)
	Thu, Nov 27, 9:00 PM

	Unknown Object (File)
	Tue, Nov 25, 11:37 AM

	Unknown Object (File)
	Mon, Nov 24, 9:08 PM

	Unknown Object (File)
	Sat, Nov 22, 4:29 AM

	Unknown Object (File)
	Fri, Nov 21, 9:46 PM

	Unknown Object (File)
	Thu, Nov 20, 3:51 AM

Subscribers

Details

Reviewers

rrs
donner
kp
melifaro

Group Reviewers

manpages
network

Commits

rG2ce85919bbba: Add net.inet.ip.source_address_validation

Summary

Drop packets arriving from the network that have our source IP
address. If maliciously crafted they can create evil effects
like an RST exchange between two of our listening TCP ports.
Such packets just can't be legitimate. Enable the tunable
by default. Long time due for a modern Internet host.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

glebius created this revision.Nov 9 2021, 8:35 PM

Herald added a reviewer: manpages. · View Herald TranscriptNov 9 2021, 8:35 PM

Herald added subscribers: melifaro, imp. · View Herald Transcript

glebius requested review of this revision.Nov 9 2021, 8:35 PM

Harbormaster completed remote builds in B42683: Diff 98269.Nov 9 2021, 8:35 PM

glebius added a parent revision: D32913: ip_input: packet filters shall not modify m_pkthdr.rcvif.Nov 9 2021, 8:35 PM

glebius added reviewers: network, rrs.Nov 9 2021, 8:35 PM

glebius added a child revision: D32915: Add net.inet6.ip6.source_address_validation.Nov 9 2021, 8:36 PM

donner accepted this revision as: donner.Nov 9 2021, 9:47 PM

This revision is now accepted and ready to land.Nov 9 2021, 9:47 PM

kp accepted this revision as: kp.Nov 10 2021, 9:49 AM

Use in_localip_fib().

This revision now requires review to proceed.Nov 11 2021, 12:30 AM

Harbormaster completed remote builds in B42712: Diff 98338.Nov 11 2021, 12:31 AM

Thank you for including the fib.

This revision is now accepted and ready to land.Nov 11 2021, 7:55 AM

melifaro accepted this revision.Nov 11 2021, 9:23 AM

zlei added a subscriber: zlei.Nov 12 2021, 7:17 AM

Closed by commit rG2ce85919bbba: Add net.inet.ip.source_address_validation (authored by glebius). · Explain WhyNov 12 2021, 5:07 PM

This revision was automatically updated to reflect the committed changes.

glebius added a commit: rG2ce85919bbba: Add net.inet.ip.source_address_validation.

Revision Contents
Changeset List

Path

Size

share/

man/

man4/

8 lines

sys/

netinet/

16 lines

Diff 98425

share/man/man4/inet.4

Loading...

sys/netinet/ip_input.c

Loading...