author | brian <brian@FreeBSD.org> | 1997-09-06 11:14:03 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 1997-09-06 11:14:03 +0000 |
commit | 9d4f19ab2216d8e5d618452394909a2b1a56cf14 (patch) | |
tree | 668e346dfba2ce20990950e184023ce1e064fc72 /sbin | |
parent | afdfe1afbec93dad5295a9647951ea630b78662d (diff) | |
Ignored incoming packets are now dropped when
deny_incoming option is set to yes.
Submitted by: Ari Suutari <ari@suutari.iki.fi>
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/natd/HISTORY | 6 | ||||
-rw-r--r-- | sbin/natd/natd.c | 16 |
2 files changed, 20 insertions, 2 deletions
diff --git a/sbin/natd/HISTORY b/sbin/natd/HISTORY
index 404be4b..7d3175b 100644
--- a/sbin/natd/HISTORY
+++ b/sbin/natd/HISTORY
@@ -111,3 +111,9 @@ fixed. Natd now waits with select(2) for buffer space to become available if write fails. - Packet aliasing library upgraded to 2.2.
+
+* Version 1.10
+
+ - Ignored incoming packets are now dropped when
+ deny_incoming option is set to yes.
+ - Packet aliasing library upgraded to 2.4.
diff --git a/sbin/natd/natd.c b/sbin/natd/natd.c
index 13cf6ab..ac99ac1 100644
--- a/sbin/natd/natd.c
+++ b/sbin/natd/natd.c
@@ -94,6 +94,7 @@ static char packetBuf[IP_MAXPACKET]; static int packetLen; static struct sockaddr_in packetAddr; static int packetSock;
+static int dropIgnoredIncoming;
int main (int argc, char** argv) {
@@ -162,6 +163,11 @@ int main (int argc, char** argv) ParseOption ("port", DEFAULT_SERVICE, 0); /*
+ * Check if ignored packets should be dropped.
+ */
+ dropIgnoredIncoming = PacketAliasSetMode (0, 0);
+ dropIgnoredIncoming &= PKT_ALIAS_DENY_INCOMING;
+/*
* Create divert sockets. Use only one socket if -p was specified * on command line. Otherwise, create separate sockets for * outgoing and incoming connnections.
@@ -254,7 +260,6 @@ int main (int argc, char** argv) */ if (aliasAddr.s_addr != INADDR_NONE) PacketAliasSetAddress (aliasAddr);
-
/* * We need largest descriptor number for select. */
@@ -411,6 +416,7 @@ static void DoAliasing (int fd) { int bytes; int origBytes;
+ int status;
int addrSize; struct ip* ip;
@@ -486,7 +492,13 @@ static void DoAliasing (int fd) /* * Do aliasing. */
- PacketAliasIn (packetBuf, IP_MAXPACKET);
+ status = PacketAliasIn (packetBuf, IP_MAXPACKET);
+ if (status == PKT_ALIAS_IGNORED &&
+ dropIgnoredIncoming) {
+
+ printf (" dropped.\n");
+ return;
+ }
} /* * Length might have changed during aliasing. |
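Review bot: `dropIgnoredIncoming` is sampled once at this point in main() and never refreshed, so it reflects deny_incoming only if every option source has been parsed by now and the alias mode is not changed afterwards. The hunk shows only the `port` default being parsed just before it, so that ordering should be confirmed. `PacketAliasSetMode (0, 0)` is being used as a read of the current mode, which is not obvious to a reader. I would extend the new comment with a line such as `* PacketAliasSetMode (0, 0) changes no bits and returns the current mode; keep only the deny_incoming bit.` main() starts and ends outside this hunk.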
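Review bot: Only `PKT_ALIAS_IGNORED` is acted on after `PacketAliasIn`, so with deny_incoming set a packet for which the library reports some other failure still falls through and is written back out. If the library defines an error status (such as `PKT_ALIAS_ERROR`), the test would be safer as `if ((status == PKT_ALIAS_IGNORED || status == PKT_ALIAS_ERROR) && dropIgnoredIncoming) {`, to be confirmed against the library's return codes. The `printf (" dropped.\n")` runs unconditionally as far as the hunk shows; if the trace line it completes is printed only in verbose mode, it belongs behind the same check. A dropped packet leaves no other record, so a counter or log entry here would let an operator see how much traffic deny_incoming rejects. DoAliasing's body starts and ends outside the hunk.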