diff options
author | truckman <truckman@FreeBSD.org> | 2001-03-04 01:39:19 +0000 |
---|---|---|
committer | truckman <truckman@FreeBSD.org> | 2001-03-04 01:39:19 +0000 |
commit | 3a29c2f4df782f7fddae75438b810805211a8ce8 (patch) | |
tree | c6852df143e5846e47169905c7943e91d734c513 /crypto/openssh/auth-krb5.c | |
parent | 6a1cc9f79fb9e7eafdea1794998b46874779b495 (diff) | |
download | FreeBSD-src-3a29c2f4df782f7fddae75438b810805211a8ce8.zip FreeBSD-src-3a29c2f4df782f7fddae75438b810805211a8ce8.tar.gz |
Disable interface checking when IP forwarding is engaged so that packets
addressed to the interface on the other side of the box follow their
historical path.
Explicitly block packets sent to the loopback network sent from the outside,
which is consistent with the behavior of the forwarding path between
interfaces as implemented in in_canforward().
Always check the arrival interface when matching the packet destination
against the interface broadcast addresses. This bug allowed TCP
connections to be made to the broadcast address of an interface on the
far side of the system because the M_BCAST flag was not set because the
packet was unicast to the interface on the near side. This was broken
when the directed broadcast code was removed from revision 1.32. If
the directed broadcast code was stil present, the destination would not
have been recognized as local until the packet was forwarded to the output
interface and ether_output() looped a copy back to ip_input() with
M_BCAST set and the receive interface set to the output interface.
Optimize the order of the tests.
Reviewed by: jlemon
Diffstat (limited to 'crypto/openssh/auth-krb5.c')
0 files changed, 0 insertions, 0 deletions