2 * Routine to disable IP-level socket options. This code was taken from 4.4BSD
3 * rlogind and kernel source, but all mistakes in it are my fault.
5 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
7 * $FreeBSD: src/contrib/tcp_wrappers/fix_options.c,v 1.2 2000/02/03 10:26:57 shin Exp $
8 * $DragonFly: src/contrib/tcp_wrappers/fix_options.c,v 1.2 2003/06/17 04:24:06 dillon Exp $
12 static char sccsid
[] = "@(#) fix_options.c 1.6 97/04/08 02:29:19";
15 #include <sys/types.h>
16 #include <sys/param.h>
18 #include <sys/socket.h>
20 #include <netinet/in.h>
21 #include <netinet/in_systm.h>
22 #include <netinet/ip.h>
28 #define IPOPT_OPTVAL 0
34 #define BUFFER_SIZE 512 /* Was: BUFSIZ */
36 /* fix_options - get rid of IP-level socket options */
40 struct request_info
*request
;
43 unsigned char optbuf
[BUFFER_SIZE
/ 3], *cp
;
44 char lbuf
[BUFFER_SIZE
], *lp
;
45 int optsize
= sizeof(optbuf
), ipproto
;
52 struct sockaddr_storage ss
;
56 * check if this is AF_INET socket
60 if (getsockname(fd
, (struct sockaddr
*)&ss
, &sslen
) < 0) {
61 syslog(LOG_ERR
, "getpeername: %m");
64 if (ss
.ss_family
!= AF_INET
)
68 if ((ip
= getprotobyname("ip")) != 0)
69 ipproto
= ip
->p_proto
;
73 if (getsockopt(fd
, ipproto
, IP_OPTIONS
, (char *) optbuf
, &optsize
) == 0
77 * Horror! 4.[34] BSD getsockopt() prepends the first-hop destination
78 * address to the result IP options list when source routing options
79 * are present (see <netinet/ip_var.h>), but produces no output for
80 * other IP options. Solaris 2.x getsockopt() does produce output for
81 * non-routing IP options, and uses the same format as BSD even when
82 * the space for the destination address is unused. The code below
83 * does the right thing with 4.[34]BSD derivatives and Solaris 2, but
84 * may occasionally miss source routing options on incompatible
85 * systems such as Linux. Their choice.
87 * Look for source routing options. Drop the connection when one is
88 * found. Just wiping the IP options is insufficient: we would still
89 * help the attacker by providing a real TCP sequence number, and the
90 * attacker would still be able to send packets (blind spoofing). I
91 * discussed this attack with Niels Provos, half a year before the
92 * attack was described in open mailing lists.
94 * It would be cleaner to just return a yes/no reply and let the caller
95 * decide how to deal with it. Resident servers should not terminate.
96 * However I am not prepared to make changes to internal interfaces
99 #define ADDR_LEN sizeof(dummy.s_addr)
101 for (cp
= optbuf
+ ADDR_LEN
; cp
< optbuf
+ optsize
; cp
+= optlen
) {
102 opt
= cp
[IPOPT_OPTVAL
];
103 if (opt
== IPOPT_LSRR
|| opt
== IPOPT_SSRR
) {
105 "refused connect from %s with IP source routing options",
106 eval_client(request
));
110 if (opt
== IPOPT_EOL
)
112 if (opt
== IPOPT_NOP
) {
115 optlen
= cp
[IPOPT_OLEN
];
116 if (optlen
<= 0) /* Do not loop! */
121 for (cp
= optbuf
; optsize
> 0; cp
++, optsize
--, lp
+= 3)
122 sprintf(lp
, " %2.2x", *cp
);
124 "connect from %s with IP options (ignored):%s",
125 eval_client(request
), lbuf
);
126 if (setsockopt(fd
, ipproto
, IP_OPTIONS
, (char *) 0, optsize
) != 0) {
127 syslog(LOG_ERR
, "setsockopt IP_OPTIONS NULL: %m");