summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_fw.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/ip_fw.c')
-rw-r--r--sys/netinet/ip_fw.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index 66dc6f1..8a53b1f 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -47,6 +47,7 @@
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
+#include <netinet/in_var.h>
#include <netinet/in_pcb.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
@@ -947,6 +948,7 @@ ip_fw_chk(struct ip **pip, int hlen,
struct ip_fw *f = NULL, *rule = NULL;
struct ip *ip = *pip;
struct ifnet *const rif = (*m)->m_pkthdr.rcvif;
+ struct ifnet *tif;
u_short offset = 0 ;
u_short src_port = 0, dst_port = 0;
struct in_addr src_ip, dst_ip; /* XXX */
@@ -1111,6 +1113,16 @@ again:
if ((f->fw_flg & IP_FW_F_FRAG) && offset == 0 )
continue;
+ if (f->fw_flg & IP_FW_F_SME) {
+ INADDR_TO_IFP(src_ip, tif);
+ if (tif == NULL)
+ continue;
+ }
+ if (f->fw_flg & IP_FW_F_DME) {
+ INADDR_TO_IFP(dst_ip, tif);
+ if (tif == NULL)
+ continue;
+ }
/* If src-addr doesn't match, not this rule. */
if (((f->fw_flg & IP_FW_F_INVSRC) != 0) ^ ((src_ip.s_addr
& f->fw_smsk.s_addr) != f->fw_src.s_addr))
OpenPOWER on IntegriCloud