From owner-cvs-all  Thu Mar  1 18: 3: 8 2001
Delivered-To: cvs-all@freebsd.org
Received: from starfruit.itojun.org (dhcp108.iijlab.net [202.232.15.108])
	by hub.freebsd.org (Postfix) with ESMTP
	id 86DD737B718; Thu,  1 Mar 2001 18:02:58 -0800 (PST)
	(envelope-from itojun@itojun.org)
Received: from itojun.org (localhost [127.0.0.1])
	by starfruit.itojun.org (Postfix) with ESMTP
	id CECBE7E0E; Fri,  2 Mar 2001 10:27:41 +0900 (JST)
To: nate@yogotech.com (Nate Williams)
Cc: Jonathan Lemon <jlemon@flugsvamp.com>,
	Jonathan Lemon <jlemon@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
In-reply-to: nate's message of Thu, 01 Mar 2001 17:50:57 MST.
      <15006.61041.727634.597339@nomad.yogotech.com> 
X-Template-Reply-To: itojun@itojun.org
X-Template-Return-Receipt-To: itojun@itojun.org
X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD  90 5F B4 60 79 54 16 E2
Subject: Re: cvs commit: src/sys/netinet ip_input.c 
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
Date: Fri, 02 Mar 2001 10:27:41 +0900
Message-Id: <20010302012741.CECBE7E0E@starfruit.itojun.org>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


>I'll resend the email that Don Lewis sent out right after your commit.
>On Feb 27, 11:43am, Jonathan Lemon wrote:
>} Subject: cvs commit: src/sys/netinet ip_input.c
>} jlemon      2001/02/27 11:43:14 PST
>} 
>}   Modified files:
>}     sys/netinet          ip_input.c 
>}   Log:
>}   When iterating over our list of interface addresses in order to determine
>}   if an arriving packet belongs to us, also check that the packet arrived
>}   through the correct interface.  Skip this check if the packet was locally
>}   generated.

	the change, specifically the following part, seem to implement
	ingress filtering.  the change will choke on multihomed hosts
	with assymmetric routing (like packets from X comes into interface A,
	and packets to X goes out from interface B).  RFC2827 has more detail
	on it.  I believe it too strong limitation.

itojun


+               if (ia->ia_ifp != m->m_pkthdr.rcvif &&
+                    (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0)
+                       continue;

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message