jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-11-27 13:32:45 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

tcp/ipfw: fix "ipfw fwd localaddr,port"

Browse Source 
The ipfw(4) feature of forwarding to local address without modifying
a packet was broken.  The first lookup needs always be a non-wildcard
one, cause its goal is to find an already existing socket.  Otherwise
a local wildcard listener with the same port number may match resulting
in the connection being forwared to wrong port.

Reported by:	Pavel Polyakov <bsd kobyla.org>
Fixes:		d88eb4654f
This commit is contained in:
Gleb Smirnoff 2023-01-05 14:34:50 -08:00
parent c47015fafa
commit aab8c844b9
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sys/netinet/tcp_input.c
View File

@ -834,7 +834,7 @@ findpcb:
*/
inp = in6_pcblookup_mbuf(&V_tcbinfo,
&ip6->ip6_src, th->th_sport, &ip6->ip6_dst, th->th_dport,
lookupflag, m->m_pkthdr.rcvif, m);
lookupflag & ~INPLOOKUP_WILDCARD, m->m_pkthdr.rcvif, m);
if (!inp) {
/*
* It's new. Try to find the ambushing socket.
@ -865,7 +865,8 @@ findpcb:
* already got one like this?
*/
inp = in_pcblookup_mbuf(&V_tcbinfo, ip->ip_src, th->th_sport,
ip->ip_dst, th->th_dport, lookupflag, m->m_pkthdr.rcvif, m);
ip->ip_dst, th->th_dport, lookupflag & ~INPLOOKUP_WILDCARD,
m->m_pkthdr.rcvif, m);
if (!inp) {
/*
* It's new. Try to find the ambushing socket.