authorHenning Brauer <henning@cvs.openbsd.org>2004-06-29 20:13:08 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2004-06-29 20:13:08 +0000
commita7f2acb3b2fc05057e7197fada9e7d4f04db0285 (patch)
treef840fa7f965b72a4d420bd082249b67c59e8e07e /usr.sbin
parent627379c0e0deeddf1bb5ac0be011ccbfc8825298 (diff)
little extra paranoia, ignore attempts to enter routes with a nexthop
within 127/8. inspired by a very bad example for bogon filters at the cymru site, claudio ok
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/bgpd/kroute.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/usr.sbin/bgpd/kroute.c b/usr.sbin/bgpd/kroute.c
index 1de69983aae..9c34801a278 100644
--- a/usr.sbin/bgpd/kroute.c
+++ b/usr.sbin/bgpd/kroute.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kroute.c,v 1.100 2004/06/25 20:08:46 henning Exp $ */
+/* $OpenBSD: kroute.c,v 1.101 2004/06/29 20:13:07 henning Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -184,6 +184,11 @@ kr_change(struct kroute *kroute)
return (0);
}
+ /* nexthop within 127/8 -> ignore silently */
+ if ((kroute->nexthop.s_addr & htonl(0xff000000)) ==
+ inet_addr("127.0.0.0"))
+ return (0);
+
if (send_rtmsg(kr_state.fd, action, kroute) == -1)
return (-1);
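Review bot: The new 127/8 check in kr_change returns 0, the same value as a successful install, so the caller cannot tell that the route was dropped, and nothing is logged. If `action` was set to a change of an existing bgpd-inserted route earlier in the function (that part is outside the hunk), the kernel would keep the old nexthop while the caller believes the update went through. A log line naming the prefix and nexthop would make the drop visible and give operators a signal that a peer is announcing loopback nexthops. The same test is repeated in the kr_delete hunk; a small static helper, with the network written as `htonl(0x7f000000)` instead of parsing `inet_addr("127.0.0.0")` on every call, would keep the two copies in step.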
@@ -217,6 +222,11 @@ kr_delete(struct kroute *kroute)
if (!(kr->r.flags & F_BGPD_INSERTED))
return (0);
+ /* nexthop within 127/8 -> ignore silently */
+ if ((kroute->nexthop.s_addr & htonl(0xff000000)) ==
+ inet_addr("127.0.0.0"))
+ return (0);
+
if (send_rtmsg(kr_state.fd, RTM_DELETE, kroute) == -1)
return (-1);
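Review bot: The check in kr_delete tests the caller-supplied `kroute->nexthop`, not the nexthop of the entry `kr` that was just looked up and confirmed as F_BGPD_INSERTED. A delete request that carries a 127/8 nexthop for a route installed with a different nexthop would return 0 here and leave the route in the kernel. Since kr_change now refuses loopback nexthops, no bgpd-inserted entry should carry one, so the check could be dropped from the delete path. If it is kept, it should test the stored entry (presumably `kr->r.nexthop`, assuming `kr->r` is a struct kroute). The function continues outside the hunk.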