|
| 1 | +From 2f223855782a312108019074e3365e29e51c10ce Mon Sep 17 00:00:00 2001 |
| 2 | +From: Seth Schoen <schoen@loyalty.org> |
| 3 | +Date: Fri, 18 Nov 2022 15:33:28 -0800 |
| 4 | +Subject: [PATCH] Don't treat 0/8 and 240/4 specially in IPv4 classification |
| 5 | + |
| 6 | +With the exception of 0.0.0.0 and 255.255.255.255, which have additional |
| 7 | +special meanings, treat 0/8 and 240/4 as normal unicast addresses by |
| 8 | +default. This is because some people are experimenting with using these |
| 9 | +addresses as regular unicast (either for private addresses or for potential |
| 10 | +future public addresses). |
| 11 | + |
| 12 | +On the public Internet, they would still currently be regarded as bogons and |
| 13 | +one could make (maybe by default) a bogon-filtering rule in bird.conf that |
| 14 | +would not permit these addresses to be routed, e.g. with a pair of static |
| 15 | +routes |
| 16 | + |
| 17 | +route 0.0.0.0/8 prohibit; |
| 18 | +route 240.0.0.0/4 prohibit; |
| 19 | + |
| 20 | +Dave Taht, who wrote a prior version of this patch, suggested that in |
| 21 | +any case it is better to have bogons defined in a configuration file |
| 22 | +than hard-coded in software. |
| 23 | +--- |
| 24 | + lib/ip.c | 7 +++++-- |
| 25 | + lib/ip.h | 2 +- |
| 26 | + 2 files changed, 6 insertions(+), 3 deletions(-) |
| 27 | + |
| 28 | +diff --git a/lib/ip.c b/lib/ip.c |
| 29 | +index 4c5fa47f..e13bbce0 100644 |
| 30 | +--- a/lib/ip.c |
| 31 | ++++ b/lib/ip.c |
| 32 | +@@ -87,8 +87,10 @@ ip4_classify(ip4_addr ad) |
| 33 | + |
| 34 | + if (b < 0xe0) |
| 35 | + { |
| 36 | +- if (b == 0x00) /* 0.0.0.0/8 This network */ |
| 37 | ++ if (a == 0x00000000) /* 0.0.0.0/32 Unset address */ |
| 38 | + return IADDR_INVALID; |
| 39 | ++ /* 0.0.0.0/8 is otherwise reserved, but |
| 40 | ++ * some people are using it or trying to */ |
| 41 | + |
| 42 | + if (b == 0x7f) /* 127.0.0.0/8 Loopback address */ |
| 43 | + return IADDR_HOST | SCOPE_HOST; |
| 44 | +@@ -107,7 +109,8 @@ ip4_classify(ip4_addr ad) |
| 45 | + if (a == 0xffffffff) /* 255.255.255.255 Broadcast address */ |
| 46 | + return IADDR_BROADCAST | SCOPE_LINK; |
| 47 | + |
| 48 | +- return IADDR_HOST | SCOPE_SITE; /* 240.0.0.0/4 Reserved / private */ |
| 49 | ++ return IADDR_HOST | SCOPE_UNIVERSE; /* 240.0.0.0/4 Reserved / private, but |
| 50 | ++ * some people are using it or trying to */ |
| 51 | + } |
| 52 | + |
| 53 | + int |
| 54 | +diff --git a/lib/ip.h b/lib/ip.h |
| 55 | +index 9eef2e16..875b9f5e 100644 |
| 56 | +--- a/lib/ip.h |
| 57 | ++++ b/lib/ip.h |
| 58 | +@@ -245,7 +245,7 @@ static inline int ip6_is_v4mapped(ip6_addr a) |
| 59 | + #define ipa_is_link_local(x) ip6_is_link_local(x) |
| 60 | + |
| 61 | + static inline int ip4_is_unicast(ip4_addr a) |
| 62 | +-{ return _I(a) < 0xe0000000; } |
| 63 | ++{ return _I(a) < 0xe0000000 || (_I(a) >= 0xf0000000 && _I(a) != 0xffffffff); } |
| 64 | + |
| 65 | + /* XXXX remove */ |
| 66 | + static inline int ipa_classify_net(ip_addr a) |
| 67 | +-- |
| 68 | +2.25.1 |
| 69 | + |
0 commit comments