d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a new sysctl net.inet.ip.check_interface, which will verify that

Browse Source 
an incoming packet arrivees on an interface that has an address matching
the packet's address.  This is turned on by default.
This commit is contained in:
jlemon 2001-03-02 20:54:03 +00:00
parent 0e6ea63318
commit 021d152d84
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/netinet/ip_input.c
View File

@ -124,6 +124,10 @@ SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW,
&ip_keepfaith, 0,
"Enable packet capture for FAITH IPv4->IPv6 translater daemon");
static int ip_checkinterface = 1;
SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW,
&ip_checkinterface, 0, "Verify packet arrives on correct interface");
#ifdef DIAGNOSTIC
static int ipprintfs = 0;
#endif
@ -513,7 +517,7 @@ pass:
* check that the packet is either arriving from the
* correct interface or is locally generated.
*/
if (ia->ia_ifp != m->m_pkthdr.rcvif &&
if (ia->ia_ifp != m->m_pkthdr.rcvif && ip_checkinterface &&
(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0)
continue;