Nuke INTR_NETSAFE
[dragonfly/netmp.git] / contrib / tcp_wrappers / fix_options.c
blob9e6769b6b4e4a3f65c5010eee8ebb6ba07e0ebf7
1 /*
2 * Routine to disable IP-level socket options. This code was taken from 4.4BSD
3 * rlogind and kernel source, but all mistakes in it are my fault.
5 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
7 * $FreeBSD: src/contrib/tcp_wrappers/fix_options.c,v 1.2 2000/02/03 10:26:57 shin Exp $
8 * $DragonFly: src/contrib/tcp_wrappers/fix_options.c,v 1.2 2003/06/17 04:24:06 dillon Exp $
9 */
11 #ifndef lint
12 static char sccsid[] = "@(#) fix_options.c 1.6 97/04/08 02:29:19";
13 #endif
15 #include <sys/types.h>
16 #include <sys/param.h>
17 #ifdef INET6
18 #include <sys/socket.h>
19 #endif
20 #include <netinet/in.h>
21 #include <netinet/in_systm.h>
22 #include <netinet/ip.h>
23 #include <netdb.h>
24 #include <stdio.h>
25 #include <syslog.h>
27 #ifndef IPOPT_OPTVAL
28 #define IPOPT_OPTVAL 0
29 #define IPOPT_OLEN 1
30 #endif
32 #include "tcpd.h"
34 #define BUFFER_SIZE 512 /* Was: BUFSIZ */
36 /* fix_options - get rid of IP-level socket options */
38 fix_options(request)
39 struct request_info *request;
41 #ifdef IP_OPTIONS
42 unsigned char optbuf[BUFFER_SIZE / 3], *cp;
43 char lbuf[BUFFER_SIZE], *lp;
44 int optsize = sizeof(optbuf), ipproto;
45 struct protoent *ip;
46 int fd = request->fd;
47 unsigned int opt;
48 int optlen;
49 struct in_addr dummy;
50 #ifdef INET6
51 struct sockaddr_storage ss;
52 int sslen;
55 * check if this is AF_INET socket
56 * XXX IPv6 support?
58 sslen = sizeof(ss);
59 if (getsockname(fd, (struct sockaddr *)&ss, &sslen) < 0) {
60 syslog(LOG_ERR, "getpeername: %m");
61 clean_exit(request);
63 if (ss.ss_family != AF_INET)
64 return;
65 #endif
67 if ((ip = getprotobyname("ip")) != 0)
68 ipproto = ip->p_proto;
69 else
70 ipproto = IPPROTO_IP;
72 if (getsockopt(fd, ipproto, IP_OPTIONS, (char *) optbuf, &optsize) == 0
73 && optsize != 0) {
76 * Horror! 4.[34] BSD getsockopt() prepends the first-hop destination
77 * address to the result IP options list when source routing options
78 * are present (see <netinet/ip_var.h>), but produces no output for
79 * other IP options. Solaris 2.x getsockopt() does produce output for
80 * non-routing IP options, and uses the same format as BSD even when
81 * the space for the destination address is unused. The code below
82 * does the right thing with 4.[34]BSD derivatives and Solaris 2, but
83 * may occasionally miss source routing options on incompatible
84 * systems such as Linux. Their choice.
86 * Look for source routing options. Drop the connection when one is
87 * found. Just wiping the IP options is insufficient: we would still
88 * help the attacker by providing a real TCP sequence number, and the
89 * attacker would still be able to send packets (blind spoofing). I
90 * discussed this attack with Niels Provos, half a year before the
91 * attack was described in open mailing lists.
93 * It would be cleaner to just return a yes/no reply and let the caller
94 * decide how to deal with it. Resident servers should not terminate.
95 * However I am not prepared to make changes to internal interfaces
96 * on short notice.
98 #define ADDR_LEN sizeof(dummy.s_addr)
100 for (cp = optbuf + ADDR_LEN; cp < optbuf + optsize; cp += optlen) {
101 opt = cp[IPOPT_OPTVAL];
102 if (opt == IPOPT_LSRR || opt == IPOPT_SSRR) {
103 syslog(LOG_WARNING,
104 "refused connect from %s with IP source routing options",
105 eval_client(request));
106 shutdown(fd, 2);
107 return;
109 if (opt == IPOPT_EOL)
110 break;
111 if (opt == IPOPT_NOP) {
112 optlen = 1;
113 } else {
114 optlen = cp[IPOPT_OLEN];
115 if (optlen <= 0) /* Do not loop! */
116 break;
119 lp = lbuf;
120 for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
121 sprintf(lp, " %2.2x", *cp);
122 syslog(LOG_NOTICE,
123 "connect from %s with IP options (ignored):%s",
124 eval_client(request), lbuf);
125 if (setsockopt(fd, ipproto, IP_OPTIONS, (char *) 0, optsize) != 0) {
126 syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m");
127 shutdown(fd, 2);
130 #endif