summaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
authorsam <sam@FreeBSD.org>2003-10-16 16:25:25 +0000
committersam <sam@FreeBSD.org>2003-10-16 16:25:25 +0000
commitf9a06649081c3d77039dd47b7b7082e9a8ec75b5 (patch)
tree252d2355134a90508c6393434b267d9fa3e64ddf /sys
parentaa3ae742c325e5f14f864ae148650f705ca554fb (diff)
downloadFreeBSD-src-f9a06649081c3d77039dd47b7b7082e9a8ec75b5.zip
FreeBSD-src-f9a06649081c3d77039dd47b7b7082e9a8ec75b5.tar.gz
pfil hooks can modify packet contents so check if the destination
address has been changed when PFIL_HOOKS is enabled and, if it has, arrange for the proper action by ip*_forward. Supported by: FreeBSD Foundation Submitted by: Pyun YongHyeon
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_input.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index d0f82a8..02bd132 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -360,6 +360,10 @@ ip_input(struct mbuf *m)
u_int32_t divert_info = 0; /* packet divert/tee info */
struct ip_fw_args args;
struct route cro; /* copy of cached route */
+ int srcrt = 0; /* forward by ``src routing'' */
+#ifdef PFIL_HOOKS
+ struct in_addr odst; /* original dst address */
+#endif
#ifdef FAST_IPSEC
struct m_tag *mtag;
struct tdb_ident *tdbi;
@@ -516,13 +520,19 @@ iphack:
#ifdef PFIL_HOOKS
/*
* Run through list of hooks for input packets.
+ *
+ * NB: Beware of the destination address changing (e.g.
+ * by NAT rewriting). When this happens, tell
+ * ip_forward to do the right thing.
*/
+ odst = ip->ip_dst;
if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif,
PFIL_IN) != 0)
return;
if (m == NULL) /* consumed by filter */
return;
ip = mtod(m, struct ip *);
+ srcrt = (odst.s_addr != ip->ip_dst.s_addr);
#endif /* PFIL_HOOKS */
if (fw_enable && IPFW_LOADED) {
@@ -759,7 +769,7 @@ pass:
}
#endif /* FAST_IPSEC */
RTCACHE_GET(&cro);
- ip_forward(m, &cro, 0, args.next_hop);
+ ip_forward(m, &cro, srcrt, args.next_hop);
}
return;
OpenPOWER on IntegriCloud