diff options
| -rw-r--r-- | sys/netinet/ip_input.c | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index be63e54..dc8214e 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 - * $Id: ip_input.c,v 1.114 1999/02/09 16:55:46 wollman Exp $ + * $Id: ip_input.c,v 1.115 1999/02/22 18:19:57 des Exp $ */ #define _IP_VHL @@ -437,8 +437,12 @@ iphack: } pass: - if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, m->m_pkthdr.rcvif, IP_NAT_IN)) + if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, m->m_pkthdr.rcvif, IP_NAT_IN)) { +#ifdef IPFIREWALL_FORWARD + ip_fw_fwd_addr = NULL; +#endif return; + } #endif /* !COMPAT_IPFW */ /* @@ -448,8 +452,12 @@ pass: * to be sent and the original packet to be freed). */ ip_nhops = 0; /* for source routed packets */ - if (hlen > sizeof (struct ip) && ip_dooptions(m)) + if (hlen > sizeof (struct ip) && ip_dooptions(m)) { +#ifdef IPFIREWALL_FORWARD + ip_fw_fwd_addr = NULL; +#endif return; + } /* greedy RSVP, snatches any PATH packet of the RSVP protocol and no * matter if it is destined to another node, or whether it is @@ -474,8 +482,6 @@ pass: ia = TAILQ_NEXT(ia, ia_link)) { #define satosin(sa) ((struct sockaddr_in *)(sa)) - if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr) - goto ours; #ifdef BOOTP_COMPAT if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY) goto ours; @@ -485,10 +491,15 @@ pass: * If the addr to forward to is one of ours, we pretend to * be the destination for this packet. */ - if (ip_fw_fwd_addr != NULL && - IA_SIN(ia)->sin_addr.s_addr == + if (ip_fw_fwd_addr == NULL) { + if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr) + goto ours; + } else if (IA_SIN(ia)->sin_addr.s_addr == ip_fw_fwd_addr->sin_addr.s_addr) goto ours; +#else + if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr) + goto ours; #endif if (ia->ia_ifp && ia->ia_ifp->if_flags & IFF_BROADCAST) { if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == @@ -555,6 +566,9 @@ pass: m_freem(m); } else ip_forward(m, 0); +#ifdef IPFIREWALL_FORWARD + ip_fw_fwd_addr = NULL; +#endif return; ours: @@ -574,6 +588,9 @@ ours: frag_divert_port = 0; ip_divert_cookie = 0; #endif +#ifdef IPFIREWALL_FORWARD + ip_fw_fwd_addr = NULL; +#endif return; } ip = mtod(m, struct ip *); |
