1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-26 16:18:31 +00:00

When iterating over our list of interface addresses in order to determine

if an arriving packet belongs to us, also check that the packet arrived
through the correct interface.  Skip this check if the packet was locally
generated.
This commit is contained in:
Jonathan Lemon 2001-02-27 19:43:14 +00:00
parent 6f8e45340c
commit 7538a9a0f8
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=73172

View File

@ -256,6 +256,7 @@ ip_input(struct mbuf *m)
int i, hlen;
u_short sum;
u_int16_t divert_cookie; /* firewall cookie */
struct in_addr pkt_dst;
#ifdef IPDIVERT
u_int32_t divert_info = 0; /* packet divert/tee info */
#endif
@ -494,6 +495,13 @@ ip_input(struct mbuf *m)
(m->m_flags & (M_MCAST|M_BCAST)) == 0)
goto ours;
/*
* Cache the destination address of the packet; this may be
* changed by use of 'ipfw fwd'.
*/
pkt_dst = ip_fw_fwd_addr == NULL ?
ip->ip_dst : ip_fw_fwd_addr->sin_addr;
TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) {
#define satosin(sa) ((struct sockaddr_in *)(sa))
@ -501,26 +509,22 @@ ip_input(struct mbuf *m)
if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY)
goto ours;
#endif
#ifdef IPFIREWALL_FORWARD
/*
* If the addr to forward to is one of ours, we pretend to
* be the destination for this packet.
* check that the packet is either arriving from the
* correct interface or is locally generated.
*/
if (ip_fw_fwd_addr == NULL) {
if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr)
goto ours;
} else if (IA_SIN(ia)->sin_addr.s_addr ==
ip_fw_fwd_addr->sin_addr.s_addr)
if (ia->ia_ifp != m->m_pkthdr.rcvif &&
(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0)
continue;
if (IA_SIN(ia)->sin_addr.s_addr == pkt_dst.s_addr)
goto ours;
#else
if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr)
goto ours;
#endif
if (ia->ia_ifp && ia->ia_ifp->if_flags & IFF_BROADCAST) {
if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr ==
ip->ip_dst.s_addr)
pkt_dst.s_addr)
goto ours;
if (ip->ip_dst.s_addr == ia->ia_netbroadcast.s_addr)
if (ia->ia_netbroadcast.s_addr == pkt_dst.s_addr)
goto ours;
}
}