Date: Fri, 02 Mar 2001 10:27:41 +0900
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
To: nate@yogotech.com (Nate Williams)
Cc: Jonathan Lemon <jlemon@flugsvamp.com>, Jonathan Lemon <jlemon@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_input.c
Message-ID: <20010302012741.CECBE7E0E@starfruit.itojun.org>
In-Reply-To: nate's message of Thu, 01 Mar 2001 17:50:57 MST. <15006.61041.727634.597339@nomad.yogotech.com>

>I'll resend the email that Don Lewis sent out right after your commit.

>On Feb 27, 11:43am, Jonathan Lemon wrote:
>} Subject: cvs commit: src/sys/netinet ip_input.c
>} jlemon 2001/02/27 11:43:14 PST
>}
>} Modified files:
>} sys/netinet ip_input.c
>} Log:
>} When iterating over our list of interface addresses in order to determine
>} if an arriving packet belongs to us, also check that the packet arrived
>} through the correct interface. Skip this check if the packet was locally
>} generated.

the change, specifically the following part, seems to implement ingress filtering. the change will choke on multihomed hosts with asymmetric routing (like packets from X come into interface A, and packets to X go out from interface B). RFC2827 has more detail on it. I believe it is too strong a limitation.

itojun

+ if (ia->ia_ifp != m->m_pkthdr.rcvif && + (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) + continue;
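
Review bot: the interface comparison `ia->ia_ifp != m->m_pkthdr.rcvif` is applied unconditionally, so any packet that arrives on an interface other than the one holding the destination address skips that address, with no way for an administrator to turn the check off on hosts where that is the expected traffic pattern (the multihomed, asymmetric-routing case raised in the reply). Consider gating the test behind a run-time switch. Separately, `m->m_pkthdr.rcvif` is dereferenced for `if_flags` without a NULL test; if any caller can reach this loop with `rcvif` unset, the second condition needs a guard. A short comment stating that the `IFF_LOOPBACK` test is how "locally generated" from the log message is detected would also help.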