From owner-freebsd-current Wed Feb 13 1: 4: 6 2002 Delivered-To: freebsd-current@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 0E8A537B405; Wed, 13 Feb 2002 01:03:54 -0800 (PST) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.6/8.11.2) id g1D93lo48261; Wed, 13 Feb 2002 11:03:47 +0200 (EET) (envelope-from ru) Date: Wed, 13 Feb 2002 11:03:47 +0200 From: Ruslan Ermilov To: current@FreeBSD.org Cc: Jonathan Lemon , "Crist J. Clark" Subject: rdr 127.0.0.1 and blocking 127/8 in ip_output() Message-ID: <20020213110347.C46245@sunbay.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="kORqDWCi7qDJ0mEj" Content-Disposition: inline User-Agent: Mutt/1.3.23i Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --kORqDWCi7qDJ0mEj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi! Please test with and without this patch. Cheers, -- Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --kORqDWCi7qDJ0mEj Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=p Index: ip_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v retrieving revision 1.99.2.25 diff -u -p -r1.99.2.25 ip_output.c --- ip_output.c 2002/02/01 10:42:09 1.99.2.25 +++ ip_output.c 2002/02/13 08:49:04 @@ -403,16 +403,6 @@ ip_output(m0, opt, ro, flags, imo) goto bad; } - /* 127/8 must not appear on wire - RFC1122. */ - if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || - (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { - if ((ifp->if_flags & IFF_LOOPBACK) == 0) { - ipstat.ips_badaddr++; - error = EADDRNOTAVAIL; - goto bad; - } - } - /* * Look for broadcast address and * verify user is allowed to send @@ -775,6 +765,16 @@ skip_ipsec: } pass: + /* 127/8 must not appear on wire - RFC1122. */ + if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || + (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { + if ((ifp->if_flags & IFF_LOOPBACK) == 0) { + ipstat.ips_badaddr++; + error = EADDRNOTAVAIL; + goto bad; + } + } + m->m_pkthdr.csum_flags |= CSUM_IP; sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_hwassist; if (sw_csum & CSUM_DELAY_DATA) { --kORqDWCi7qDJ0mEj-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message