Date: Mon, 5 Mar 2001 15:18:48 -0800 (PST) From: Don Lewis <truckman@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_input.c Message-ID: <200103052318.f25NImi08134@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
truckman 2001/03/05 15:18:48 PST
Modified files: (Branch: RELENG_4)
sys/netinet ip_input.c
Log:
MFC: 1.158 - 1.161
Block packets with a 127/8 destination arriving via an exernal interface.
Disable IP address vs. arrival interface consistency checking for unicast
packets when IP forwarding is enabled and for packets forwarded by 'ipfw fwd'.
Always perform broadcast IP address vs. arrival interface checking. This
was the historical behavior, but has been broken for quite a while.
Attempt to optimize the order of the tests.
Also, disable unicast IP address vs. arrival interface checking by default
for POLA reasons.
Approved by: jkh
Revision Changes Path
1.130.2.20 +59 -12 src/sys/netinet/ip_input.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103052318.f25NImi08134>