Re: explicitly check broadcast addresses on some ifa_ifwithaddr() uses

Thu, 03 Dec 2015 01:29:12 -0800 

On 12/02/15 20:06, Martin Pieuchot wrote:
> On 02/12/15(Wed) 16:18, Vincent Gross wrote:
>> When fed a broadcast address, ifa_ifwitaddr() returns the unicast ifa
>> whose broadcast address match the input. This is used mainly to select
>> ifa, and there can be trouble when you have 2 ifas on the same range
>> (e.g. 10.0.0.1/24@em0 & 10.0.0.20/24@em1) :
>>
>> netinet/ip_mroute.c:814
>> net/route.c:785
>> netinet/ip_divert.c:143
>> net/if_vxlan.c:241
>>
>> There are also places where broadcast addresses should not be tolerated :
>>
>> netinet/ip_input.c:1061  broadcast address is not a module identifier
>> netinet/ip_input.c:1141  see above
>> netinet/ip_input.c:1197  see above
>> netinet6/*:              no broadcast in ipv6
>> net/route.c:562:         gateway shall never be a broadcast addr
>> net/route.c:713:         see above
>>
>> This diff removes broadcast matching from ifa_ifwithaddr, and
>> adds or rewrites checks where necessary.
>>
>> Comments ? Ok ?
> 
> Looks good to me.  Some nits below.

Nits applied.

Anyone else ?


Index: sys/net/if.c
===================================================================
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.417
diff -u -p -r1.417 if.c
--- sys/net/if.c        2 Dec 2015 16:35:52 -0000       1.417
+++ sys/net/if.c        3 Dec 2015 07:59:53 -0000
@@ -1179,13 +1179,6 @@ ifa_ifwithaddr(struct sockaddr *addr, u_
 
                        if (equal(addr, ifa->ifa_addr))
                                return (ifa);
-
-                       /* IPv6 doesn't have broadcast */
-                       if ((ifp->if_flags & IFF_BROADCAST) &&
-                           ifa->ifa_broadaddr &&
-                           ifa->ifa_broadaddr->sa_len != 0 &&
-                           equal(ifa->ifa_broadaddr, addr))
-                               return (ifa);
                }
        }
        return (NULL);
Index: sys/netinet/in_pcb.c
===================================================================
RCS file: /cvs/src/sys/netinet/in_pcb.c,v
retrieving revision 1.190
diff -u -p -r1.190 in_pcb.c
--- sys/netinet/in_pcb.c        2 Dec 2015 22:13:44 -0000       1.190
+++ sys/netinet/in_pcb.c        3 Dec 2015 07:59:53 -0000
@@ -332,14 +332,13 @@ in_pcbbind(struct inpcb *inp, struct mbu
 
                                ia = ifatoia(ifa_ifwithaddr(sintosa(sin),
                                    inp->inp_rtableid));
-                               if (ia == NULL)
-                                       return (EADDRNOTAVAIL);
 
                                /* SOCK_RAW does not use in_pcbbind() */
-                               if (so->so_type != SOCK_DGRAM &&
-                                   sin->sin_addr.s_addr !=
-                                   ia->ia_addr.sin_addr.s_addr)
-                                       return (EADDRNOTAVAIL);
+                               if (ia == NULL &&
+                                   (so->so_type != SOCK_DGRAM ||
+                                   !in_broadcast(sin->sin_addr,
+                                       inp->inp_rtableid)))
+                                               return (EADDRNOTAVAIL);
                        }
                }
                if (lport) {
@@ -353,7 +352,8 @@ in_pcbbind(struct inpcb *inp, struct mbu
                                t = in_pcblookup(table, &zeroin_addr, 0,
                                    &sin->sin_addr, lport, INPLOOKUP_WILDCARD,
                                    inp->inp_rtableid);
-                               if (t && (so->so_euid != 
t->inp_socket->so_euid))
+                               if (t &&
+                                   (so->so_euid != t->inp_socket->so_euid))
                                        return (EADDRINUSE);
                        }
                        t = in_pcblookup(table, &zeroin_addr, 0,
Index: sys/netinet/ip_output.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.311
diff -u -p -r1.311 ip_output.c
--- sys/netinet/ip_output.c     2 Dec 2015 20:50:20 -0000       1.311
+++ sys/netinet/ip_output.c     3 Dec 2015 07:59:53 -0000
@@ -1368,13 +1368,12 @@ ip_setmoptions(int optname, struct ip_mo
                sin.sin_family = AF_INET;
                sin.sin_addr = addr;
                ia = ifatoia(ifa_ifwithaddr(sintosa(&sin), rtableid));
-               if (ia && in_hosteq(sin.sin_addr, ia->ia_addr.sin_addr))
-                       ifp = ia->ia_ifp;
-               if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
+               if (ia == NULL ||
+                   (ia->ia_ifp->if_flags & IFF_MULTICAST) == 0) {
                        error = EADDRNOTAVAIL;
                        break;
                }
-               imo->imo_ifidx = ifp->if_index;
+               imo->imo_ifidx = ia->ia_ifp->if_index;
                break;
 
        case IP_MULTICAST_TTL:
@@ -1542,12 +1541,11 @@ ip_setmoptions(int optname, struct ip_mo
                        sin.sin_family = AF_INET;
                        sin.sin_addr = mreq->imr_interface;
                        ia = ifatoia(ifa_ifwithaddr(sintosa(&sin), rtableid));
-                       if (ia && in_hosteq(sin.sin_addr, ia->ia_addr.sin_addr))
-                               ifp = ia->ia_ifp;
-                       else {
+                       if (ia == NULL) {
                                error = EADDRNOTAVAIL;
                                break;
                        }
+                       ifp = ia->ia_ifp;
                }
                /*
                 * Find the membership in the membership array.
Index: sys/netinet/raw_ip.c
===================================================================
RCS file: /cvs/src/sys/netinet/raw_ip.c,v
retrieving revision 1.84
diff -u -p -r1.84 raw_ip.c
--- sys/netinet/raw_ip.c        28 Jul 2015 12:22:07 -0000      1.84
+++ sys/netinet/raw_ip.c        3 Dec 2015 07:59:53 -0000
@@ -473,6 +473,7 @@ rip_usrreq(struct socket *so, int req, s
                if (!((so->so_options & SO_BINDANY) ||
                    addr->sin_addr.s_addr == INADDR_ANY ||
                    addr->sin_addr.s_addr == INADDR_BROADCAST ||
+                   in_broadcast(addr->sin_addr, inp->inp_rtableid) ||
                    ifa_ifwithaddr(sintosa(addr), inp->inp_rtableid))) {
                        error = EADDRNOTAVAIL;
                        break;

Reply via email to