mirror of
https://git.FreeBSD.org/src.git
synced 2025-02-08 08:27:00 +00:00
tcp/ipfw: fix "ipfw fwd localaddr,port"
The ipfw(4) feature of forwarding to a local address without modifying a packet was broken. The first lookup always needs to be a non-wildcard one, because its goal is to find an already existing socket. Otherwise a local wildcard listener with the same port number may match, resulting in the connection being forwarded to the wrong port. Reported by: Pavel Polyakov <bsd kobyla.org> Fixes: d88eb4654f372d0451139a1dbf525a8f2cad1cf8
parent
c47015fafa
commit
aab8c844b9
@ -834,7 +834,7 @@ findpcb:
|
||||
*/
|
||||
inp = in6_pcblookup_mbuf(&V_tcbinfo,
|
||||
&ip6->ip6_src, th->th_sport, &ip6->ip6_dst, th->th_dport,
|
||||
lookupflag, m->m_pkthdr.rcvif, m);
|
||||
lookupflag & ~INPLOOKUP_WILDCARD, m->m_pkthdr.rcvif, m);
|
||||
if (!inp) {
|
||||
/*
|
||||
* It's new. Try to find the ambushing socket.
|
||||
@ -865,7 +865,8 @@ findpcb:
|
||||
* already got one like this?
|
||||
*/
|
||||
inp = in_pcblookup_mbuf(&V_tcbinfo, ip->ip_src, th->th_sport,
|
||||
ip->ip_dst, th->th_dport, lookupflag, m->m_pkthdr.rcvif, m);
|
||||
ip->ip_dst, th->th_dport, lookupflag & ~INPLOOKUP_WILDCARD,
|
||||
m->m_pkthdr.rcvif, m);
|
||||
if (!inp) {
|
||||
/*
|
||||
* It's new. Try to find the ambushing socket.
|
||||
|
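Review bot: Neither first lookup explains why INPLOOKUP_WILDCARD is masked off: the comment above each call still only asks "already got one like this?", so the exact-match requirement could easily be undone in a later cleanup of `lookupflag`. I would add, above both the `in6_pcblookup_mbuf()` call and the `in_pcblookup_mbuf()` call, a comment such as `/* Exact match only: a wildcard listener on the same port must not capture a forwarded connection. */`. The expression `lookupflag & ~INPLOOKUP_WILDCARD` is now repeated in both address-family branches; whether a named local would read better depends on code outside these hunks, since the findpcb block begins and ends beyond the visible lines. No regression test is visible on this page, so a case with a wildcard listener bound to the forwarded port would be worth adding if the tree has none.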