From: Igor Podlesny
Date: Wed, 18 Jul 2001 13:28:20 +0800
To: Wes Peters
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG
Subject: Re[2]: Flight of the rat, living wreck.....

> Igor Podlesny wrote:
>> > /*
>> >  * Macro for finding the interface (ifnet structure) corresponding to one
>> >  * of our IP addresses.
>> >  */
>> > #define INADDR_TO_IFP(addr, ifp) \
>> > /* struct in_addr addr; */ \
>> > /* struct ifnet *ifp; */ \
>> > { \
>> > register struct in_ifaddr *ia; \
>> > \
>> > for (ia = in_ifaddrhead.tqh_first; \
>>
>> // so here we start looking through the queue
>>
>> > ia != NULL
>>
>> // sanity (I'd have written just (ia))
>>
>> > && ((ia->ia_ifp->if_flags & IFF_POINTOPOINT)? \
>>
>> // hm. special case if the interface is PTP
>>
>> > IA_DSTSIN(ia):IA_SIN(ia))->sin_addr.s_addr != (addr).s_addr; \
>>
>> // so it is like: if it is PTP, then we using DST address in comparison
>> // with addr.s_addr
>>
>> // it is the time I started to ask myself why it is so? why we're (ok,
>> // they're) checking for remote ip-address if the head comment
>> // says:
>> // * Macro for finding the interface (ifnet structure) corresponding to one
>> // * of our IP addresses.
>> // ^^^
>> // ^^^

> With point-to-point connections, the address at the opposite end of the
> connection is always used in the route table. When the interface is
> created as a point-to-point interface, a route is automatically entered
> from the local address to the opposite address. The "corresponding"
> in the comment at the beginning of the macro is interpreted rather loosely.

From http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/in_var.h :

> Backout damage to the INADDR_TO_IFP() macro in revision 1.7.
>
> This macro was supposed to only match local IP addresses of
> interfaces,

so, this comment supports the idea that the macro itself was incorrect.

> and all consumers of this macro assume this as
> well. (See IP_MULTICAST_IF and IP_ADD_MEMBERSHIP socket
> options in the ip(4) manpage.)
>
> This fixes a major security breach in IPFW-based firewalls

Actually, this doesn't (didn't) and Ruslan (ru@freebsd.org) was wrong
pointing out this in the comment... It was just a mistake affecting to
remote peer only. Local ip anyway was protected with 'me'. (it did fit to
the macros as well as remote ip did and this fact is the only erroneous in
the situation)

> where the `me' keyword would match the other end of a P2P
> link.
>
> PR: kern/28567

-- 
Igor mailto:poige@morning.ru
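
As an added illustration (not part of the original message and not FreeBSD source), the user-space C model below contrasts the address selection of the quoted macro with a lookup that compares local addresses only, which is how the commit message says the macro was supposed to behave. The struct, the function names and the addresses are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IFF_POINTOPOINT 0x10            /* value from FreeBSD <net/if.h> */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

/* Simplified stand-in for struct in_ifaddr (hypothetical, not the kernel layout). */
struct ifaddr_model {
    const char *ifname;
    int if_flags;
    uint32_t local;                     /* plays the role of IA_SIN(ia) */
    uint32_t dst;                       /* plays the role of IA_DSTSIN(ia): the P2P peer */
};

/* Constructed sample: one Ethernet interface, one point-to-point tunnel. */
static const struct ifaddr_model sample[] = {
    { "ed0",  0,               IP4(192, 0, 2, 1), 0 },
    { "tun0", IFF_POINTOPOINT, IP4(10, 0, 0, 1),  IP4(10, 0, 0, 2) },
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Selection logic of the quoted macro: P2P entries are keyed by the peer address. */
static const char *lookup_quoted(uint32_t addr)
{
    for (size_t i = 0; i < NSAMPLE; i++) {
        const struct ifaddr_model *ia = &sample[i];
        if (((ia->if_flags & IFF_POINTOPOINT) ? ia->dst : ia->local) == addr)
            return ia->ifname;
    }
    return NULL;
}

/* Local-only comparison, as the commit message says the macro was meant to behave. */
static const char *lookup_local_only(uint32_t addr)
{
    for (size_t i = 0; i < NSAMPLE; i++)
        if (sample[i].local == addr)
            return sample[i].ifname;
    return NULL;
}

int main(void)
{
    uint32_t peer = IP4(10, 0, 0, 2);   /* the remote end of tun0 */
    const char *q = lookup_quoted(peer), *l = lookup_local_only(peer);
    printf("quoted:     %s\n", q ? q : "(no interface)");
    printf("local-only: %s\n", l ? l : "(no interface)");
    return 0;
}
```

A caller that treats a non-NULL result as "this is one of our addresses" accepts the tunnel peer under the first lookup and rejects it under the second.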