mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-17 15:27:36 +00:00
Code Issues Releases Activity

Add a new sysctl net.inet.ip.check_interface, which will verify that

Browse Source 
an incoming packet arrivees on an interface that has an address matching
the packet's address.  This is turned on by default.
This commit is contained in:
Jonathan Lemon 2001-03-02 20:54:03 +00:00
parent 358325bf4a
commit b3e95d4ed0
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=73357
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/netinet/ip_input.c
View File

@ -124,6 +124,10 @@ SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW,
&ip_keepfaith, 0,
"Enable packet capture for FAITH IPv4->IPv6 translater daemon");
static int ip_checkinterface = 1;
SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW,
&ip_checkinterface, 0, "Verify packet arrives on correct interface");
#ifdef DIAGNOSTIC
static int ipprintfs = 0;
#endif
@ -513,7 +517,7 @@ ip_input(struct mbuf *m)
* check that the packet is either arriving from the
* correct interface or is locally generated.
*/
if (ia->ia_ifp != m->m_pkthdr.rcvif &&
if (ia->ia_ifp != m->m_pkthdr.rcvif && ip_checkinterface &&
(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0)
continue;