From: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Wed, 20 May 2015 00:47:23 +0000 (-0700)
Subject: Block martian address configuration on an interface and also block from
X-Git-Tag: frr-2.0-rc1~1507
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=d914d5ff0e997eea6f59e1df54a334276db6d8d7;p=mirror%2Ffrr.git

Block martian address configuration on an interface and also block from
getting installed into the zebra tables.
---

diff --git a/lib/prefix.h b/lib/prefix.h
index 45889e0862..c02317a587 100644
--- a/lib/prefix.h
+++ b/lib/prefix.h
@@ -220,13 +220,26 @@ extern void masklen2ip6 (const int, struct in6_addr *);
 extern void str2in6_addr (const char *, struct in6_addr *);
 extern const char *inet6_ntoa (struct in6_addr);
 
+static inline int ipv6_martian (struct in6_addr *addr)
+{
+  struct in6_addr localhost_addr;
+
+  inet_pton (AF_INET6, "::1", &localhost_addr);
+
+  if (IPV6_ADDR_SAME(&localhost_addr, addr))
+    return 1;
+
+  return 0;
+}
+
 #endif /* HAVE_IPV6 */
 
 extern int all_digit (const char *);
 
+/* NOTE: This routine expects the address argument in network byte order. */
 static inline int ipv4_martian (struct in_addr *addr)
 {
-  in_addr_t ip = addr->s_addr;
+  in_addr_t ip = ntohl(addr->s_addr);
 
   if (IPV4_NET0(ip) || IPV4_NET127(ip) || IPV4_CLASS_DE(ip)) {
     return 1;
diff --git a/zebra/connected.c b/zebra/connected.c
index c4f87f4cb8..4d6224cc9b 100644
--- a/zebra/connected.c
+++ b/zebra/connected.c
@@ -209,6 +209,9 @@ connected_add_ipv4 (struct interface *ifp, int flags, struct in_addr *addr,
   struct prefix_ipv4 *p;
   struct connected *ifc;
 
+  if (ipv4_martian(addr))
+    return;
+
   /* Make connected structure. */
   ifc = connected_new ();
   ifc->ifp = ifp;
@@ -368,6 +371,9 @@ connected_add_ipv6 (struct interface *ifp, int flags, struct in6_addr *addr,
   struct prefix_ipv6 *p;
   struct connected *ifc;
 
+  if (ipv6_martian(addr))
+    return;
+
   /* Make connected structure. */
   ifc = connected_new ();
   ifc->ifp = ifp;
diff --git a/zebra/interface.c b/zebra/interface.c
index da5e41e8dc..9f7ec0a527 100644
--- a/zebra/interface.c
+++ b/zebra/interface.c
@@ -1285,6 +1285,12 @@ ip_address_install (struct vty *vty, struct interface *ifp,
       return CMD_WARNING;
     }
 
+  if (ipv4_martian(&cp.prefix))
+    {
+      vty_out (vty, "%% Invalid address%s", VTY_NEWLINE);
+      return CMD_WARNING;
+    }
+
   ifc = connected_check (ifp, (struct prefix *) &cp);
   if (! ifc)
     {
@@ -1469,6 +1475,12 @@ ipv6_address_install (struct vty *vty, struct interface *ifp,
       return CMD_WARNING;
     }
 
+  if (ipv6_martian(&cp.prefix))
+    {
+      vty_out (vty, "%% Invalid address%s", VTY_NEWLINE);
+      return CMD_WARNING;
+    }
+
   ifc = connected_check (ifp, (struct prefix *) &cp);
   if (! ifc)
     {