Page MenuHomeFreeBSD
Differential D32914

Add net.inet.ip.source_address_validation
ClosedPublic
Actions

Authored by glebius on Nov 9 2021, 8:35 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Apr 1, 3:50 AM
Unknown Object (File)
Jan 25 2024, 5:20 AM
Unknown Object (File)
Jan 11 2024, 1:28 AM
Unknown Object (File)
Jan 3 2024, 1:07 AM
Unknown Object (File)
Dec 24 2023, 7:54 AM
Unknown Object (File)
Dec 22 2023, 10:55 PM
Unknown Object (File)
Dec 11 2023, 1:38 AM
Unknown Object (File)
Dec 5 2023, 8:47 AM
View All 36 Files
Subscribers
imp
melifaro
zlei

Details

Reviewers
rrs
donner
kp
melifaro
Group Reviewers
manpages
network
Commits
rG2ce85919bbba: Add net.inet.ip.source_address_validation
Summary

Drop packets arriving from the network that have our source IP
address. If maliciously crafted they can create evil effects
like an RST exchange between two of our listening TCP ports.
Such packets just can't be legitimate. Enable the tunable
by default. Long time due for a modern Internet host.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

glebius created this revision.Nov 9 2021, 8:35 PM
Herald added a reviewer: manpages. · View Herald TranscriptNov 9 2021, 8:35 PM
Herald added subscribers: melifaro, imp. · View Herald Transcript
glebius requested review of this revision.Nov 9 2021, 8:35 PM
Harbormaster completed remote builds in B42683: Diff 98269.Nov 9 2021, 8:35 PM
glebius added a parent revision: D32913: ip_input: packet filters shall not modify m_pkthdr.rcvif.Nov 9 2021, 8:35 PM
glebius added reviewers: network, rrs.Nov 9 2021, 8:35 PM
glebius added a child revision: D32915: Add net.inet6.ip6.source_address_validation.Nov 9 2021, 8:36 PM
donner accepted this revision as: donner.Nov 9 2021, 9:47 PM
This revision is now accepted and ready to land.Nov 9 2021, 9:47 PM
kp accepted this revision as: kp.Nov 10 2021, 9:49 AM
glebius updated this revision to Diff 98338.Nov 11 2021, 12:30 AM

Use in_localip_fib().

This revision now requires review to proceed.Nov 11 2021, 12:30 AM
Harbormaster completed remote builds in B42712: Diff 98338.Nov 11 2021, 12:31 AM
donner accepted this revision.Nov 11 2021, 7:55 AM

Thank you for including the fib.

This revision is now accepted and ready to land.Nov 11 2021, 7:55 AM
melifaro accepted this revision.Nov 11 2021, 9:23 AM
zlei added a subscriber: zlei.Nov 12 2021, 7:17 AM
Closed by commit rG2ce85919bbba: Add net.inet.ip.source_address_validation (authored by glebius). · Explain WhyNov 12 2021, 5:07 PM
This revision was automatically updated to reflect the committed changes.
glebius added a commit: rG2ce85919bbba: Add net.inet.ip.source_address_validation.

Revision Contents
Changeset List

PathSize
share/
man/
man4/
8 lines
sys/
netinet/
16 lines

Diff 98425

View Options

share/man/man4/inet.4

Loading...
View Options

sys/netinet/ip_input.c

Loading...