mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-12-03 10:29:15 +00:00
Fix the 'fwd' option to ipfw when asked to divert to another machine.
also rely less on other modules clearing static values, and clear them in a few cases we missed before. Submitted by: Matthew Reimer <mreimer@vpop.net>
This commit is contained in:
parent
51df594922
commit
ed1ff184f3
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=44677
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)ip_input.c 8.2 (Berkeley) 1/4/94
|
||||
* $Id: ip_input.c,v 1.114 1999/02/09 16:55:46 wollman Exp $
|
||||
* $Id: ip_input.c,v 1.115 1999/02/22 18:19:57 des Exp $
|
||||
*/
|
||||
|
||||
#define _IP_VHL
|
||||
@ -437,8 +437,12 @@ iphack:
|
||||
}
|
||||
pass:
|
||||
|
||||
if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, m->m_pkthdr.rcvif, IP_NAT_IN))
|
||||
if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, m->m_pkthdr.rcvif, IP_NAT_IN)) {
|
||||
#ifdef IPFIREWALL_FORWARD
|
||||
ip_fw_fwd_addr = NULL;
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
#endif /* !COMPAT_IPFW */
|
||||
|
||||
/*
|
||||
@ -448,8 +452,12 @@ pass:
|
||||
* to be sent and the original packet to be freed).
|
||||
*/
|
||||
ip_nhops = 0; /* for source routed packets */
|
||||
if (hlen > sizeof (struct ip) && ip_dooptions(m))
|
||||
if (hlen > sizeof (struct ip) && ip_dooptions(m)) {
|
||||
#ifdef IPFIREWALL_FORWARD
|
||||
ip_fw_fwd_addr = NULL;
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
|
||||
/* greedy RSVP, snatches any PATH packet of the RSVP protocol and no
|
||||
* matter if it is destined to another node, or whether it is
|
||||
@ -474,8 +482,6 @@ pass:
|
||||
ia = TAILQ_NEXT(ia, ia_link)) {
|
||||
#define satosin(sa) ((struct sockaddr_in *)(sa))
|
||||
|
||||
if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr)
|
||||
goto ours;
|
||||
#ifdef BOOTP_COMPAT
|
||||
if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY)
|
||||
goto ours;
|
||||
@ -485,10 +491,15 @@ pass:
|
||||
* If the addr to forward to is one of ours, we pretend to
|
||||
* be the destination for this packet.
|
||||
*/
|
||||
if (ip_fw_fwd_addr != NULL &&
|
||||
IA_SIN(ia)->sin_addr.s_addr ==
|
||||
if (ip_fw_fwd_addr == NULL) {
|
||||
if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr)
|
||||
goto ours;
|
||||
} else if (IA_SIN(ia)->sin_addr.s_addr ==
|
||||
ip_fw_fwd_addr->sin_addr.s_addr)
|
||||
goto ours;
|
||||
#else
|
||||
if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr)
|
||||
goto ours;
|
||||
#endif
|
||||
if (ia->ia_ifp && ia->ia_ifp->if_flags & IFF_BROADCAST) {
|
||||
if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr ==
|
||||
@ -555,6 +566,9 @@ pass:
|
||||
m_freem(m);
|
||||
} else
|
||||
ip_forward(m, 0);
|
||||
#ifdef IPFIREWALL_FORWARD
|
||||
ip_fw_fwd_addr = NULL;
|
||||
#endif
|
||||
return;
|
||||
|
||||
ours:
|
||||
@ -573,6 +587,9 @@ ours:
|
||||
#ifdef IPDIVERT
|
||||
frag_divert_port = 0;
|
||||
ip_divert_cookie = 0;
|
||||
#endif
|
||||
#ifdef IPFIREWALL_FORWARD
|
||||
ip_fw_fwd_addr = NULL;
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user