netbsd-bugs: kern/5381: header checksum not verified in ip

Subject: kern/5381: header checksum not verified in ip_flow.c fast path
To: None <gnats-bugs@gnats.netbsd.org>
From: None <dennis@juniper.net>
List: netbsd-bugs
Date: 04/30/1998 21:24:25

>Number:         5381
>Category:       kern
>Synopsis:       header checksum not verified in ip_flow.c fast path
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Apr 30 21:20:00 1998
>Last-Modified:
>Originator:     Dennis Ferguson
>Organization:
Juniper Networks
>Release:        NetBSD-current April 30 1998
>Environment:

>Description:

In netinet/ip_flow.c, ipflow_fastforward() appears to forward packets
without first verifying the IP header checksum.  This violates RFC 1812
section 4.2.2.5 and is otherwise not good practice.

>How-To-Repeat:

>Fix:

Verify the IP header checksum.  If you want to do it quickly you can
do the 4 (32-bit) or 9 (16-bit) adds required inline rather than
calling in_cksum().
>Audit-Trail:
>Unformatted: