author | julian <julian@FreeBSD.org> | 1999-03-12 01:15:57 +0000 |
---|---|---|
committer | julian <julian@FreeBSD.org> | 1999-03-12 01:15:57 +0000 |
commit | 10962136cf7fbc75a1bd22a787b0d92c5b8a655b (patch) | |
tree | ec6f73ec9d9f458b492830c9a00776b580f676c3 /sys/netinet | |
parent | 4726cfcda9bf1e3d68640fb7dd5cc879b69cc5ab (diff) | |
Fix the 'fwd' option to ipfw when asked to divert to another machine.
Also rely less on other modules clearing static values, and clear them
in a few cases we missed before.
Submitted by: Matthew Reimer <mreimer@vpop.net>
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_input.c | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index be63e54..dc8214e 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 - * $Id: ip_input.c,v 1.114 1999/02/09 16:55:46 wollman Exp $ + * $Id: ip_input.c,v 1.115 1999/02/22 18:19:57 des Exp $ */ #define _IP_VHL @@ -437,8 +437,12 @@ iphack: } pass: - if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, m->m_pkthdr.rcvif, IP_NAT_IN)) + if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, m->m_pkthdr.rcvif, IP_NAT_IN)) { +#ifdef IPFIREWALL_FORWARD + ip_fw_fwd_addr = NULL; +#endif return; + } #endif /* !COMPAT_IPFW */ /* @@ -448,8 +452,12 @@ pass: * to be sent and the original packet to be freed). */ ip_nhops = 0; /* for source routed packets */ - if (hlen > sizeof (struct ip) && ip_dooptions(m)) + if (hlen > sizeof (struct ip) && ip_dooptions(m)) { +#ifdef IPFIREWALL_FORWARD + ip_fw_fwd_addr = NULL; +#endif return; + } /* greedy RSVP, snatches any PATH packet of the RSVP protocol and no * matter if it is destined to another node, or whether it is @@ -474,8 +482,6 @@ pass: ia = TAILQ_NEXT(ia, ia_link)) { #define satosin(sa) ((struct sockaddr_in *)(sa)) - if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr) - goto ours; #ifdef BOOTP_COMPAT if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY) goto ours; @@ -485,10 +491,15 @@ pass: * If the addr to forward to is one of ours, we pretend to * be the destination for this packet. */ - if (ip_fw_fwd_addr != NULL && - IA_SIN(ia)->sin_addr.s_addr == + if (ip_fw_fwd_addr == NULL) { + if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr) + goto ours; + } else if (IA_SIN(ia)->sin_addr.s_addr == ip_fw_fwd_addr->sin_addr.s_addr) goto ours; +#else + if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr) + goto ours; #endif if (ia->ia_ifp && ia->ia_ifp->if_flags & IFF_BROADCAST) { if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == 
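Review bot: Resetting `ip_fw_fwd_addr` by hand at each `return` (in the hunk at -437, and again in the hunks at -448, -555 and -574) is fragile: the variable holds a per-packet firewall decision in a static, so any exit from ip_input that is not covered leaves the previous packet's forward address in place, and the next packet would then be matched against it in the address loop instead of its own `ip_dst`. Exits outside these hunks are not visible here, so they should be audited for the same reset. A single reset point would be easier to verify, for example one `ip_fw_fwd_addr = NULL;` under `#ifdef IPFIREWALL_FORWARD` before the firewall check near the top of the function, assuming nothing sets it before ip_input runs. A short comment at the reset, `/* per-packet state: must not leak into the next ip_input() call */`, would record why it is there. The function body starts and ends outside the hunk.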
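Review bot: The destination comparison in the hunk at -485 is now written three times (the `ip_fw_fwd_addr == NULL` branch, the `else if` branch and the `#else` arm), which makes it easy for the forwarded and non-forwarded cases to drift apart. Selecting the address once before the loop, e.g. a local `struct in_addr pkt_dst = ip->ip_dst;` overridden under `#ifdef IPFIREWALL_FORWARD` by `if (ip_fw_fwd_addr != NULL) pkt_dst = ip_fw_fwd_addr->sin_addr;`, leaves a single `if (IA_SIN(ia)->sin_addr.s_addr == pkt_dst.s_addr) goto ours;` in the loop. The broadcast test that follows is cut off at the end of the hunk; if it still compares against `ip->ip_dst`, a packet matched by a fwd rule to another machine could still be accepted locally through that path, so it is worth confirming it uses the same address. The loop starts and ends outside the hunk.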
@@ -555,6 +566,9 @@ pass: m_freem(m); } else ip_forward(m, 0); +#ifdef IPFIREWALL_FORWARD + ip_fw_fwd_addr = NULL; +#endif return; ours: @@ -574,6 +588,9 @@ ours: frag_divert_port = 0; ip_divert_cookie = 0; #endif +#ifdef IPFIREWALL_FORWARD + ip_fw_fwd_addr = NULL; +#endif return; } ip = mtod(m, struct ip *); |