Diffusion FreeBSD src repository 2ce85919bbba

Add net.inet.ip.source_address_validation
2ce85919bbba
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

Add net.inet.ip.source_address_validation

Drop packets arriving from the network that have our source IP
address. If maliciously crafted they can create evil effects
like an RST exchange between two of our listening TCP ports.
Such packets just can't be legitimate. Enable the tunable
by default. Long time due for a modern Internet host.

Reviewed by: donner, melifaro
Differential revision: https://reviews.freebsd.org/D32914

Details

Provenance

Authored on Nov 12 2021, 5:00 PM

Reviewer

Differential Revision

D32914: Add net.inet.ip.source_address_validation

Parents

rG9c89392f12d7: Add in_localip_fib(), in6_localip_fib().

Branches

Unknown

Tags

Unknown

Event Timeline

glebius committed rG2ce85919bbba: Add net.inet.ip.source_address_validation (authored by glebius).Nov 12 2021, 5:00 PM

glebius added an edge: D32914: Add net.inet.ip.source_address_validation.Nov 12 2021, 5:07 PM

glebius mentioned this in rG6913bf4c3d34: tests/divert: fix after 2ce85919bbba (IP source address validation).Nov 12 2021, 7:21 PM

Changes (2)

Path

Size

share/

man/

man4/

sys/

netinet/

rG2ce85919bbba

share/man/man4/inet.4

Loading...

sys/netinet/ip_input.c

Loading...