From 74ae2b39bb5f94e3fea3d590012d579e189f990f Mon Sep 17 00:00:00 2001
From: maxv <maxv@NetBSD.org>
Date: Mon, 5 Feb 2018 14:23:38 +0000
Subject: [PATCH] Be tougher, and don't allow LSRR+SSRR (RFC7126).

---
 sys/netinet/ip_input.c | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)

diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 2f91d022cf5c..e950c7240e21 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.368 2018/02/05 13:52:39 maxv Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.369 2018/02/05 14:23:38 maxv Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.368 2018/02/05 13:52:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.369 2018/02/05 14:23:38 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -873,14 +873,13 @@ ip_dooptions(struct mbuf *m)
 	struct ip_timestamp *ipt;
 	struct in_ifaddr *ia;
 	int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0;
-	int lsrr_present, ssrr_present, rr_present, ts_present;
+	int srr_present, rr_present, ts_present;
 	struct in_addr dst;
 	n_time ntime;
 	struct ifaddr *ifa = NULL;
 	int s;
 
-	lsrr_present = 0;
-	ssrr_present = 0;
+	srr_present = 0;
 	rr_present = 0;
 	ts_present = 0;
 
@@ -931,16 +930,9 @@ ip_dooptions(struct mbuf *m)
 				code = ICMP_UNREACH_NET_PROHIB;
 				goto bad;
 			}
-			if (opt == IPOPT_LSRR) {
-				if (lsrr_present++) {
-					code = &cp[IPOPT_OPTVAL] - (u_char *)ip;
-					goto bad;
-				}
-			} else {
-				if (ssrr_present++) {
-					code = &cp[IPOPT_OPTVAL] - (u_char *)ip;
-					goto bad;
-				}
+			if (srr_present++) {
+				code = &cp[IPOPT_OPTVAL] - (u_char *)ip;
+				goto bad;
 			}
 			if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
 				code = &cp[IPOPT_OLEN] - (u_char *)ip;