diff options
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r-- | sys/netinet/tcp_input.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 95d21ce..25db5c1 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -358,8 +358,15 @@ tcp_input(m, off0) struct ip6_hdr *ip6 = NULL; int isipv6; #endif /* INET6 */ + struct sockaddr_in *next_hop = NULL; int rstreason; /* For badport_bandlim accounting purposes */ + /* Grab info from MT_TAG mbufs prepended to the chain. */ + for (;m && m->m_type == MT_TAG; m = m->m_next) { + if (m->m_tag_id == PACKET_TAG_IPFORWARD) + next_hop = (struct sockaddr_in *)m->m_hdr.mh_data; + } + #ifdef INET6 isipv6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0; #endif @@ -512,14 +519,14 @@ tcp_input(m, off0) INP_INFO_WLOCK(&tcbinfo); headlocked = 1; findpcb: -#ifdef IPFIREWALL_FORWARD - if (ip_fw_fwd_addr != NULL + /* IPFIREWALL_FORWARD section */ + if (next_hop != NULL #ifdef INET6 && isipv6 == NULL /* IPv6 support is not yet */ #endif /* INET6 */ ) { /* - * Diverted. Pretend to be the destination. + * Transparently forwarded. Pretend to be the destination. * already got one like this? */ inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport, @@ -528,21 +535,19 @@ findpcb: /* * No, then it's new. Try find the ambushing socket */ - if (!ip_fw_fwd_addr->sin_port) { + if (next_hop->sin_port == 0) { inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, - th->th_sport, ip_fw_fwd_addr->sin_addr, + th->th_sport, next_hop->sin_addr, th->th_dport, 1, m->m_pkthdr.rcvif); } else { inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport, - ip_fw_fwd_addr->sin_addr, - ntohs(ip_fw_fwd_addr->sin_port), 1, + next_hop->sin_addr, + ntohs(next_hop->sin_port), 1, m->m_pkthdr.rcvif); } } - ip_fw_fwd_addr = NULL; } else -#endif /* IPFIREWALL_FORWARD */ { #ifdef INET6 if (isipv6) |