Date:      Wed, 18 Jul 2001 13:28:20 +0800
From:      Igor Podlesny <poige@morning.ru>
To:        Wes Peters <wes@softweyr.com>
Cc:        freebsd-hackers@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG
Subject:   Re[2]: Flight of the rat, living wreck.....
Message-ID:  <1185771218.20010718132820@morning.ru>
In-Reply-To: <3B3E0D93.79738728@softweyr.com>
References:  <754836544.20010630185133@morning.ru> <3B3E0D93.79738728@softweyr.com>



> Igor Podlesny wrote:
>> > /*
>> >  * Macro for finding the interface (ifnet structure) corresponding to one
>> >  * of our IP addresses.
>> >  */
>> > #define INADDR_TO_IFP(addr, ifp) \
>> >         /* struct in_addr addr; */ \
>> >         /* struct ifnet *ifp; */ \
>> > { \
>> >         register struct in_ifaddr *ia; \
>> > \
>> >         for (ia = in_ifaddrhead.tqh_first; \
>> 
>> // so here we start looking through the queue
>> 
>> >             ia != NULL
>> 
>> // sanity (I'd have written just (ia))
>> 
>> >  && ((ia->ia_ifp->if_flags & IFF_POINTOPOINT)? \
>> 
>> // hm. special case if the interface is PTP
>> 
>> >                 IA_DSTSIN(ia):IA_SIN(ia))->sin_addr.s_addr != (addr).s_addr; \
>> 
>> // so it is like: if it is PTP, then we are using the DST address in comparison
>> // with addr.s_addr
>> 
>> // it is the time I started to ask myself why it is so? why we're (ok,
>> // they're) checking for remote ip-address if the head comment
>> // says:
>> // * Macro for finding the interface (ifnet structure) corresponding to one
>> // * of our IP addresses.
>> //      ^^^
>> //      ^^^

> With point-to-point connections, the address at the opposite end of the
> connection is always used in the route table.  When the interface is
> created as a point-to-point interface, a route is automatically entered
> from the local address to the opposite address.  The "corresponding"
> in the comment at the beginning of the macro is interpreted rather loosely.

From
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/in_var.h :

> Backout damage to the INADDR_TO_IFP() macro in revision 1.7.
> 
> This macro was supposed to only match local IP addresses of
> interfaces,

so, this comment supports the idea that the macro itself was incorrect.

>  and all consumers of this macro assume this as
> well.  (See IP_MULTICAST_IF and IP_ADD_MEMBERSHIP socket
> options in the ip(4) manpage.)
> 
> This fixes a major security breach in IPFW-based firewalls

Actually, this doesn't (didn't), and Ruslan (ru@freebsd.org) was wrong in
pointing this out in the comment...

It was just a mistake affecting the remote peer only. The local IP was
protected with 'me' anyway. (It did fit the macro as well as the remote
IP did, and this fact is the only erroneous thing in the situation.)

> where the `me' keyword would match the other end of a P2P
> link.
> 
> PR:           kern/28567

-- 
 Igor                            mailto:poige@morning.ru
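
An added example, not part of the original message and not FreeBSD's code: a simplified C model of the lookup quoted above, next to a local-only lookup that follows the intended behaviour stated in the commit message. The struct, function names and addresses are constructed for illustration; a caller that treats a match as "one of our addresses" would accept the P2P peer under the first lookup only.

```c
#include <stdint.h>
#include <stdio.h>

#define IFF_POINTOPOINT 0x10   /* flag value as in FreeBSD <net/if.h> */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical, simplified stand-in for struct in_ifaddr (not the kernel type). */
struct model_ifaddr {
    const char *ifname;
    int flags;
    uint32_t local;                   /* models IA_SIN(ia) */
    uint32_t dst;                     /* models IA_DSTSIN(ia), used on P2P links */
    const struct model_ifaddr *next;
};

/* Constructed sample list: one Ethernet interface, one P2P link. */
static const struct model_ifaddr sample[2] = {
    { "ed0",  0,               IP4(192, 0, 2, 1),    0,                    &sample[1] },
    { "ppp0", IFF_POINTOPOINT, IP4(198, 51, 100, 1), IP4(198, 51, 100, 2), NULL },
};

/* Lookup as in the quoted macro: on P2P interfaces the destination
 * address is compared instead of the local one. */
const char *lookup_quoted(const struct model_ifaddr *head, uint32_t addr)
{
    for (const struct model_ifaddr *ia = head; ia != NULL; ia = ia->next) {
        uint32_t cmp = (ia->flags & IFF_POINTOPOINT) ? ia->dst : ia->local;
        if (cmp == addr)
            return ia->ifname;
    }
    return NULL;
}

/* Assumed intended behaviour per the commit message: local addresses only. */
const char *lookup_local_only(const struct model_ifaddr *head, uint32_t addr)
{
    for (const struct model_ifaddr *ia = head; ia != NULL; ia = ia->next)
        if (ia->local == addr)
            return ia->ifname;
    return NULL;
}

int main(void)
{
    uint32_t peer = IP4(198, 51, 100, 2);   /* remote end of ppp0 */
    const char *q = lookup_quoted(sample, peer);
    const char *l = lookup_local_only(sample, peer);
    printf("quoted macro: peer -> %s\n", q ? q : "(no match)");
    printf("local only:   peer -> %s\n", l ? l : "(no match)");
    return 0;
}
```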


