reject multicast packets

bin/named/client.c

@@ -825,6 +825,10 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		} else {
 			client->attributes &= ~NS_CLIENTATTR_PKTINFO;
 		}
+		if ((devent->attributes & ISC_SOCKEVENTATTR_MULTICAST) != 0)
+			client->attributes |= NS_CLIENTATTR_MULTICAST;
+		else
+			client->attributes &= ~NS_CLIENTATTR_MULTICAST;
 	} else {
 		INSIST(TCP_CLIENT(client));
 		REQUIRE(event->ev_type == DNS_EVENT_TCPMSG);
@@ -860,6 +864,13 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		goto cleanup_serverlock;
 	}
 
+	if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0) {
+		ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
+			      "ignoring multicast request");
+		ns_client_error(client, DNS_R_REFUSED);
+	}
+
 	result = dns_message_parse(client->message, buffer, ISC_FALSE);
 	if (result != ISC_R_SUCCESS) {
 		ns_client_error(client, result);

bin/named/include/named/client.h

@@ -132,6 +132,7 @@ struct ns_client {
 #define NS_CLIENTATTR_TCP		0x01
 #define NS_CLIENTATTR_RA		0x02 /* Client gets recusive service */
 #define NS_CLIENTATTR_PKTINFO		0x04 /* pktinfo is valid */
+#define NS_CLIENTATTR_MULTICAST		0x08 /* recv'd from multicast */
 
 /***
  *** Functions