Protect TCP in from malicious packets

[tabascoeye]

the tcp_input() function is checking for multicast or broadcast packets and drops them because they shouldn't be processed there.

This should be extended to also drop the following potentially malicious packets:

• suspected TCP LAND attacks (src ip == dst ip == local IP of host)
• packets fro IP src 0.0.0.0

[tabascoeye]

in src\core\tcp_in.c change function tcp_input():

  /* Don't even process incoming useless or malicious packets
   * - broadcasts/multicasts,
   * - suspected TCP LAND attacks (if the current interface is NOT a Loopback interface)
   * - Packets from IP source 0.0.0.0 */
  if (ip_addr_isbroadcast(&current_iphdr_dest, inp) ||
      ip_addr_ismulticast(&current_iphdr_dest) ||
     (ip_addr_cmp(&(iphdr->src), &(iphdr->dest)) && ip_addr_cmp(&(iphdr->src), &(inp->ip_addr)) && !ip_addr_isloopback(&(inp->ip_addr))) ||
      ip_addr_isany(&current_iphdr_src)) {
    TCP_STATS_INC(tcp.proterr);
    goto dropped;
  }