author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2002-04-03 20:37:29 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2002-04-03 20:37:29 +0000 |
commit | 532818180d9ac077838ea47acc9d1ff6e45bcab1 (patch) | |
tree | fafe9f98ee2d27dc6c9e5c638e7ba45518187a8f | |
parent | f986ef2a5bda305e22d824c3cf6044d717fd29ed (diff) |
Don't process WCCPv1-style GRE packets, unless allowed (via sysctl
variable); GRE processing must also be allowed. From
joeycoleman@acm.org, ok deraadt@ niklas@
-rw-r--r-- | sys/netinet/ip_gre.c | 15 | ||||
-rw-r--r-- | sys/netinet/ip_gre.h | 6 |
2 files changed, 15 insertions, 6 deletions
diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c
index b547446ef96..46d483da853 100644
--- a/sys/netinet/ip_gre.c
+++ b/sys/netinet/ip_gre.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_gre.c,v 1.16 2002/03/24 01:26:05 angelos Exp $ */
+/* $OpenBSD: ip_gre.c,v 1.17 2002/04/03 20:37:28 angelos Exp $ */
 /* $NetBSD: ip_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */
 /*
@@ -150,8 +150,11 @@ gre_input2(m , hlen, proto)
 * The Internet Draft can be found if you look for
 * draft-forster-wrec-wccp-v1-00.txt
 *
- * So yes, we're doing a fall-through.
+ * So yes, we're doing a fall-through (unless, of course,
+ * net.inet.gre.wccp is 0).
 */
+ if (!gre_wccp)
+ return (0);
 case ETHERTYPE_IP: /* shouldn't need a schednetisr(), as */
 ifq = &ipintrq; /* we are in ip_input */
 af = AF_INET;
@@ -183,7 +186,7 @@ gre_input2(m , hlen, proto)
 break;
 default: /* others not yet supported */
- return(0);
+ return (0);
 }
 m->m_data += hlen;
@@ -245,7 +248,9 @@ gre_input(struct mbuf *m, ...)
 /*
 * ret == 0: packet not processed, but input from here
 * means no matching tunnel that is up is found,
- * so we can just free the mbuf and return
+ * so we can just free the mbuf and return. It is also
+ * possible that we received a WCCPv1-style GRE packet
+ * but we're not set to accept them.
 */
 if (!ret)
 m_freem(m);
@@ -387,6 +392,8 @@ gre_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
 switch (name[0]) {
 case GRECTL_ALLOW:
 return (sysctl_int(oldp, oldlenp, newp, newlen, &gre_allow));
+ case GRECTL_WCCP:
+ return (sysctl_int(oldp, oldlenp, newp, newlen, &gre_wccp));
 default:
 return (ENOPROTOOPT);
 }
diff --git a/sys/netinet/ip_gre.h b/sys/netinet/ip_gre.h
index 8eb35558763..3b44362e3b5 100644
--- a/sys/netinet/ip_gre.h
+++ b/sys/netinet/ip_gre.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_gre.h,v 1.4 2002/03/24 01:26:05 angelos Exp $ */
+/* $OpenBSD: ip_gre.h,v 1.5 2002/04/03 20:37:28 angelos Exp $ */
 /* $NetBSD: ip_gre.h,v 1.3 1998/10/07 23:33:02 thorpej Exp $ */
 /*
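Review bot: In the gre_input2 hunk at -150, the new `if (!gre_wccp) return (0);` tests a variable whose definition and initial value are not part of this diff, so the default state of the gate cannot be confirmed from the page. Since this branch decides whether WCCPv1-style GRE payloads reach `ipintrq`, the definition should start at 0 and say so, e.g. `int gre_wccp = 0; /* drop WCCPv1-style GRE unless enabled */`. The fall-through into `case ETHERTYPE_IP:` is now conditional and is explained only in the block comment above it; a `/* FALLTHROUGH */` marker after the `return (0);` would keep it explicit at the point where it happens. The switch starts and ends outside the hunk.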
@@ -50,11 +50,13 @@
 * Names for GRE sysctl objects
 */
 #define GRECTL_ALLOW 1 /* accept incoming GRE packets */
-#define GRECTL_MAXID 2
+#define GRECTL_WCCP 2 /* accept WCCPv1-style GRE packets */
+#define GRECTL_MAXID 3
 #define GRECTL_NAMES { \
 { 0, 0 }, \
 { "allow", CTLTYPE_INT }, \
+ { "wccp", CTLTYPE_INT }, \
 }
 /* |
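Review bot: The comment on `GRECTL_WCCP` does not say that the knob only takes effect when GRE input is enabled as well, which the commit message states as a requirement. I would write it as `#define GRECTL_WCCP 2 /* accept WCCPv1-style GRE packets; needs GRECTL_ALLOW too */`, so an operator reading the header does not assume the setting stands on its own. `GRECTL_NAMES` appears to be indexed by the GRECTL_* value, so the `"wccp"` entry has to stay at index 2; a one-line comment above the table stating that would protect the next addition.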