Add new sysctl variable: net.inet.ip.accept_sourceroute

It controls if the system is to accept source routed packets.
It used to be such that, no matter if the setting of net.inet.ip.sourceroute,
source routed packets destined at us would be accepted. Now it is
controllable with eth default set to NOT accept those.

sys/netinet/in.h

@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)in.h	8.3 (Berkeley) 1/3/94
- * $Id: in.h,v 1.26 1997/02/22 09:41:28 peter Exp $
+ * $Id: in.h,v 1.27 1997/09/25 00:34:35 wollman Exp $
  */
 
 #ifndef _NETINET_IN_H_
@@ -303,7 +303,8 @@ struct ip_mreq {
 #define IPCTL_INTRQMAXLEN	10	/* max length of netisr queue */
 #define IPCTL_INTRQDROPS	11	/* number of netisr q drops */
 #define	IPCTL_STATS		12	/* ipstat structure */
-#define	IPCTL_MAXID		13
+#define	IPCTL_ACCEPTSOURCEROUTE	13	/* may accept source routed packets */
+#define	IPCTL_MAXID		14
 
 #define	IPCTL_NAMES { \
 	{ 0, 0 }, \
@@ -319,6 +320,7 @@ struct ip_mreq {
 	{ "intr-queue-maxlen", CTLTYPE_INT }, \
 	{ "intr-queue-drops", CTLTYPE_INT }, \
 	{ "stats", CTLTYPE_STRUCT }, \
+	{ "accept_sourceroute", CTLTYPE_INT }, \
 }
 
 

sys/netinet/ip_input.c

@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_input.c	8.2 (Berkeley) 1/4/94
- * $Id: ip_input.c,v 1.76 1998/02/11 18:43:42 guido Exp $
+ * $Id: ip_input.c,v 1.77 1998/02/12 03:37:45 ache Exp $
  *	$ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $
  */
 
@@ -94,6 +94,10 @@ SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW,
 static int	ip_dosourceroute = 0;
 SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW,
 	&ip_dosourceroute, 0, "");
+
+static int	ip_acceptsourceroute = 0;
+SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute,
+	CTLFLAG_RW, &ip_acceptsourceroute, 0, "");
 #ifdef DIAGNOSTIC
 static int	ipprintfs = 0;
 #endif
@@ -965,6 +969,8 @@ ip_dooptions(m)
 				/*
 				 * End of source route.  Should be for us.
 				 */
+				if (!ip_acceptsourceroute)
+					goto nosourcerouting;
 				save_rte(cp, ip->ip_src);
 				break;
 			}