Date:      Thu, 1 Mar 2001 17:50:57 -0700 (MST)
From:      Nate Williams <nate@yogotech.com>
To:        Jonathan Lemon <jlemon@flugsvamp.com>
Cc:        Nate Williams <nate@yogotech.com>, Jonathan Lemon <jlemon@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/netinet ip_input.c
Message-ID:  <15006.61041.727634.597339@nomad.yogotech.com>
In-Reply-To: <20010301184258.T25974@prism.flugsvamp.com>
References:  <200103012339.f21NdW309088@freefall.freebsd.org> <15006.60555.97100.465265@nomad.yogotech.com> <20010301184258.T25974@prism.flugsvamp.com>

> On Thu, Mar 01, 2001 at 05:42:51PM -0700, Nate Williams wrote:
> > > jlemon      2001/03/01 15:39:32 PST
> > > 
> > >   Modified files:        (Branch: RELENG_4)
> > >     sys/netinet          ip_input.c 
> > >   Log:
> > >   MFC: r1.156; verify incoming packet is arriving on correct interface.
> > 
> > Wasn't this determined to be buggy?
> 
> Um, no, not that I know of.

I'll resend the email that Don Lewis sent out right after your commit.

From: Don Lewis <Don.Lewis@tsc.tdk.com>
Sender: owner-cvs-committers@FreeBSD.org
To: Jonathan Lemon <jlemon@FreeBSD.org>, cvs-committers@FreeBSD.org,
        cvs-all@FreeBSD.org
Cc: freebsd-net@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_input.c
Date: Tue, 27 Feb 2001 23:27:10 -0800

On Feb 27, 11:43am, Jonathan Lemon wrote:
} Subject: cvs commit: src/sys/netinet ip_input.c
} jlemon      2001/02/27 11:43:14 PST
} 
}   Modified files:
}     sys/netinet          ip_input.c 
}   Log:
}   When iterating over our list of interface addresses in order to determine
}   if an arriving packet belongs to us, also check that the packet arrived
}   through the correct interface.  Skip this check if the packet was locally
}   generated.
}   
}   Revision  Changes    Path
}   1.156     +19 -15    src/sys/netinet/ip_input.c
} 
}-- End of excerpt from Jonathan Lemon

This (at least the non-IPFIREWALL_FORWARD case) doesn't look right
to me.  If I have a server dual homed on two networks with the IP
addresses 192.168.1.1 and 192.168.2.1, and a client on the 192.168.1.0
network sends a packet to the 192.168.2.1 address to the 192.168.1.1
interface, it looks like the "ours" test will fail.  I suspect this
will cause the server to attempt to forward this packet out to the
192.168.2.0 network, if it has IP forwarding enabled.  On the other
hand, it looks like the server will accept a packet received on the
192.168.1.1 interface with the destination address 192.168.2.255.
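
The scenario in Don Lewis's message, worked through as an added example: a simplified C model of the "ours" decision, not the FreeBSD `ip_input.c` code and not code from anyone in this thread. `struct ifaddr_model`, `classify()` and its flag parameters are hypothetical names, the address table is constructed from the addresses in the message, and the /24 broadcast addresses and the drop-when-not-forwarding outcome are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Simplified model of the "ours" decision; NOT the ip_input.c source. */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

enum verdict { DELIVER_LOCAL, FORWARD, DROP };

struct ifaddr_model { int ifindex; uint32_t addr; uint32_t bcast; };

/* Constructed table: the dual-homed server from the message. */
static const struct ifaddr_model addrs[] = {
    { 1, IP4(192, 168, 1, 1), IP4(192, 168, 1, 255) },
    { 2, IP4(192, 168, 2, 1), IP4(192, 168, 2, 255) },
};

/*
 * strict_ucast: a unicast match counts only on the receiving interface.
 * strict_bcast: the same requirement for the interface broadcast address.
 * forwarding:   whether the host forwards packets that are not "ours".
 */
enum verdict classify(uint32_t dst, int rcvif, int strict_ucast,
                      int strict_bcast, int forwarding)
{
    for (size_t i = 0; i < sizeof addrs / sizeof addrs[0]; i++) {
        int same_if = (addrs[i].ifindex == rcvif);
        if (addrs[i].addr == dst && (!strict_ucast || same_if))
            return DELIVER_LOCAL;
        if (addrs[i].bcast == dst && (!strict_bcast || same_if))
            return DELIVER_LOCAL;
    }
    return forwarding ? FORWARD : DROP;
}

int main(void)
{
    static const char *name[] = { "deliver", "forward", "drop" };
    uint32_t uni = IP4(192, 168, 2, 1), bc = IP4(192, 168, 2, 255);
    /* All packets arrive on interface 1 (192.168.1.1). */
    printf("no interface check, unicast:  %s\n", name[classify(uni, 1, 0, 0, 1)]);
    printf("unicast check, forwarding on: %s\n", name[classify(uni, 1, 1, 0, 1)]);
    printf("unicast check, broadcast dst: %s\n", name[classify(bc, 1, 1, 0, 1)]);
    return 0;
}
```

Setting `strict_bcast` to 1 as well applies the same interface requirement to both destination kinds, which removes the asymmetry the message points out.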

