Add a new sysctl net.inet.ip.check_interface, which will verify that

an incoming packet arrivees on an interface that has an address matching the packet's address. This is turned on by default.
author: jlemon <jlemon@FreeBSD.org> 2001-03-02 20:54:03 +0000
committer: jlemon <jlemon@FreeBSD.org> 2001-03-02 20:54:03 +0000
commit: 021d152d846c8f073aaea8a609dbeaebb29a7e66 (patch)
tree: 1b41ee42670bbd5d45789f438c08ef7bb1c92c4f /sys/netinet/ip_input.c
parent: 0e6ea63318fe28e058f9968b8be7e22ba6704adc (diff)
download: FreeBSD-src-021d152d846c8f073aaea8a609dbeaebb29a7e66.zip
FreeBSD-src-021d152d846c8f073aaea8a609dbeaebb29a7e66.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index ae60dec..85c1b96 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -124,6 +124,10 @@ SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW,
 	&ip_keepfaith,	0,
 	"Enable packet capture for FAITH IPv4->IPv6 translater daemon");
 
+static int	ip_checkinterface = 1;
+SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW,
+    &ip_checkinterface, 0, "Verify packet arrives on correct interface");
+
 #ifdef DIAGNOSTIC
 static int	ipprintfs = 0;
 #endif
@@ -513,7 +517,7 @@ pass:
 		 * check that the packet is either arriving from the
 		 * correct interface or is locally generated.
 		 */
-		if (ia->ia_ifp != m->m_pkthdr.rcvif &&
+		if (ia->ia_ifp != m->m_pkthdr.rcvif && ip_checkinterface &&
 		     (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0)
 			continue;
author	jlemon <jlemon@FreeBSD.org>	2001-03-02 20:54:03 +0000
committer	jlemon <jlemon@FreeBSD.org>	2001-03-02 20:54:03 +0000
commit	021d152d846c8f073aaea8a609dbeaebb29a7e66 (patch)
tree	1b41ee42670bbd5d45789f438c08ef7bb1c92c4f /sys/netinet/ip_input.c
parent	0e6ea63318fe28e058f9968b8be7e22ba6704adc (diff)
download	FreeBSD-src-021d152d846c8f073aaea8a609dbeaebb29a7e66.zip FreeBSD-src-021d152d846c8f073aaea8a609dbeaebb29a7e66.tar.gz