From: Don Lewis
Message-Id: <200102280727.XAA04777@salsa.gv.tsc.tdk.com>
Date: Tue, 27 Feb 2001 23:27:10 -0800
In-Reply-To: <200102271943.f1RJhFn26351@freefall.freebsd.org>
References: <200102271943.f1RJhFn26351@freefall.freebsd.org>
To: Jonathan Lemon, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_input.c
Cc: freebsd-net@FreeBSD.org

On Feb 27, 11:43am, Jonathan Lemon wrote:
} Subject: cvs commit: src/sys/netinet ip_input.c
} jlemon      2001/02/27 11:43:14 PST
}
}   Modified files:
}     sys/netinet          ip_input.c
}   Log:
}   When iterating over our list of interface addresses in order to determine
}   if an arriving packet belongs to us, also check that the packet arrived
}   through the correct interface.  Skip this check if the packet was locally
}   generated.
}
}   Revision  Changes    Path
}   1.156     +19 -15    src/sys/netinet/ip_input.c
}
}-- End of excerpt from Jonathan Lemon

This (at least the non-IPFIREWALL_FORWARD case) doesn't look right to me.
If I have a server dual homed on two networks with the IP addresses 192.168.1.1 and 192.168.2.1, and a client on the 192.168.1.0 network sends a packet to the 192.168.2.1 address to the 192.168.1.1 interface, it looks like the "ours" test will fail. I suspect this will cause the server to attempt to forward this packet out to the 192.168.2.0 network, if it has IP forwarding enabled.

On the other hand, it looks like the server will accept a packet received on the 192.168.1.1 interface with the destination address 192.168.2.255.
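
A simplified model of the check the commit log describes, run on the first case raised in the message above. This is an added example, not part of the original message and not the FreeBSD source. All function, struct and interface-index names are hypothetical, and the broadcast case is not modelled because the committed code is not shown here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not FreeBSD kernel code; all names are hypothetical. */
enum verdict { V_OURS, V_FORWARD, V_DROP };

struct ifaddr_model {
    uint32_t addr;    /* IPv4 address configured on an interface */
    int      ifindex; /* interface that owns the address */
};

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed sample: the dual-homed server from the message. */
static const struct ifaddr_model server_addrs[] = {
    { IP4(192, 168, 1, 1), 1 },
    { IP4(192, 168, 2, 1), 2 },
};

/*
 * check_rcvif == 0: a destination match on any local address is "ours".
 * check_rcvif == 1: the packet must also have arrived on the interface
 * that owns the address, unless it was locally generated.
 */
static enum verdict
ip_input_model(const struct ifaddr_model *ia, size_t n, uint32_t dst,
    int rcvif, int local, int check_rcvif, int forwarding)
{
    for (size_t i = 0; i < n; i++) {
        if (ia[i].addr != dst)
            continue;
        if (check_rcvif && !local && ia[i].ifindex != rcvif)
            continue;
        return V_OURS;
    }
    /* Not ours: a host with IP forwarding enabled tries to route it. */
    return forwarding ? V_FORWARD : V_DROP;
}

int main(void)
{
    static const char *name[] = { "ours", "forward", "drop" };
    uint32_t dst = IP4(192, 168, 2, 1); /* arrives on interface 1 */

    printf("address-only match: %s\n", name[ip_input_model(server_addrs, 2, dst, 1, 0, 0, 1)]);
    printf("with interface check: %s\n", name[ip_input_model(server_addrs, 2, dst, 1, 0, 1, 1)]);
    return 0;
}
```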