From f77a104cd3dc091220ea967846f75b17e8ce3975 Mon Sep 17 00:00:00 2001 From: ru Date: Fri, 1 Sep 2000 09:32:44 +0000 Subject: [PATCH] Changed the way we handle outgoing ICMP error messages -- do not alias `ip_src' unless it comes from the host an original datagram that triggered this error message was destined for. PR: 20712 Reviewed by: brian, Charles Mott --- lib/libalias/alias.c | 34 ++++++++++++++++++++++------------ sys/netinet/libalias/alias.c | 34 ++++++++++++++++++++++------------ 2 files changed, 44 insertions(+), 24 deletions(-) diff --git a/lib/libalias/alias.c b/lib/libalias/alias.c index e0e5e7c38bb2..7689e90b6ea1 100644 --- a/lib/libalias/alias.c +++ b/lib/libalias/alias.c @@ -539,12 +539,17 @@ IcmpAliasOut2(struct ip *pip) accumulate -= alias_port; ADJUST_CHECKSUM(accumulate, ic->icmp_cksum) -/* Alias address in IP header */ - DifferentialChecksum(&pip->ip_sum, - (u_short *) &alias_address, - (u_short *) &pip->ip_src, - 2); - pip->ip_src = alias_address; +/* + * Alias address in IP header if it comes from the host + * the original TCP/UDP packet was destined for. + */ + if (pip->ip_src.s_addr == ip->ip_dst.s_addr) { + DifferentialChecksum(&pip->ip_sum, + (u_short *) &alias_address, + (u_short *) &pip->ip_src, + 2); + pip->ip_src = alias_address; + } /* Alias address and port number of original IP packet fragment contained in ICMP data section */ @@ -572,12 +577,17 @@ fragment contained in ICMP data section */ accumulate -= alias_id; ADJUST_CHECKSUM(accumulate, ic->icmp_cksum) -/* Alias address in IP header */ - DifferentialChecksum(&pip->ip_sum, - (u_short *) &alias_address, - (u_short *) &pip->ip_src, - 2); - pip->ip_src = alias_address; +/* + * Alias address in IP header if it comes from the host + * the original ICMP message was destined for. + */ + if (pip->ip_src.s_addr == ip->ip_dst.s_addr) { + DifferentialChecksum(&pip->ip_sum, + (u_short *) &alias_address, + (u_short *) &pip->ip_src, + 2); + pip->ip_src = alias_address; + } /* Alias address of original IP packet and sequence number of embedded ICMP datagram */ diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c index e0e5e7c38bb2..7689e90b6ea1 100644 --- a/sys/netinet/libalias/alias.c +++ b/sys/netinet/libalias/alias.c @@ -539,12 +539,17 @@ IcmpAliasOut2(struct ip *pip) accumulate -= alias_port; ADJUST_CHECKSUM(accumulate, ic->icmp_cksum) -/* Alias address in IP header */ - DifferentialChecksum(&pip->ip_sum, - (u_short *) &alias_address, - (u_short *) &pip->ip_src, - 2); - pip->ip_src = alias_address; +/* + * Alias address in IP header if it comes from the host + * the original TCP/UDP packet was destined for. + */ + if (pip->ip_src.s_addr == ip->ip_dst.s_addr) { + DifferentialChecksum(&pip->ip_sum, + (u_short *) &alias_address, + (u_short *) &pip->ip_src, + 2); + pip->ip_src = alias_address; + } /* Alias address and port number of original IP packet fragment contained in ICMP data section */ @@ -572,12 +577,17 @@ fragment contained in ICMP data section */ accumulate -= alias_id; ADJUST_CHECKSUM(accumulate, ic->icmp_cksum) -/* Alias address in IP header */ - DifferentialChecksum(&pip->ip_sum, - (u_short *) &alias_address, - (u_short *) &pip->ip_src, - 2); - pip->ip_src = alias_address; +/* + * Alias address in IP header if it comes from the host + * the original ICMP message was destined for. + */ + if (pip->ip_src.s_addr == ip->ip_dst.s_addr) { + DifferentialChecksum(&pip->ip_sum, + (u_short *) &alias_address, + (u_short *) &pip->ip_src, + 2); + pip->ip_src = alias_address; + } /* Alias address of original IP packet and sequence number of embedded ICMP datagram */