author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1998-02-03 21:11:09 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1998-02-03 21:11:09 +0000 |
commit | 45e50e65b02d9ab76be27138e09d56c340e79c8a (patch) | |
tree | 947fb1f2d8642413ce6b63a91f654c32001659c7 | |
parent | 981210867d6245d125a29c816f2c6f9fef1c16d7 (diff) |
bail out for sourcerouted packets earlier, also do not forward
sourcerouted packets ever if ipforwarding is off; tqbf@secnet.com
-rw-r--r-- | sys/netinet/ip_input.c | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 72a00c38fa8..fc76ac7eb38 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.28 1998/02/01 21:46:02 deraadt Exp $ */
+/* $OpenBSD: ip_input.c,v 1.29 1998/02/03 21:11:08 deraadt Exp $ */
 /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
 
 /*
@@ -744,6 +744,17 @@ ip_dooptions(m)
 */
 case IPOPT_LSRR:
 case IPOPT_SSRR:
+ if (!ip_dosourceroute) {
+ char buf[4*sizeof "123"];
+
+ strcpy(buf, inet_ntoa(ip->ip_dst));
+ log(LOG_WARNING,
+ "attempted source route from %s to %s\n",
+ inet_ntoa(ip->ip_src), buf);
+ type = ICMP_UNREACH;
+ code = ICMP_UNREACH_SRCFAIL;
+ goto bad;
+ }
 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
 goto bad;
@@ -771,18 +782,6 @@ ip_dooptions(m)
 break;
 }
 
- if (!ip_dosourceroute) {
- char buf[4*sizeof "123"];
-
- strcpy(buf, inet_ntoa(ip->ip_dst));
- log(LOG_WARNING,
- "attempted source route from %s to %s\n",
- inet_ntoa(ip->ip_src), buf);
- type = ICMP_UNREACH;
- code = ICMP_UNREACH_SRCFAIL;
- goto bad;
- }
-
 /*
 * locate outgoing interface
 */
@@ -889,7 +888,7 @@ ip_dooptions(m)
 ipt->ipt_ptr += sizeof(n_time);
 }
 }
- if (forward) {
+ if (forward && ipforwarding) {
 ip_forward(m, 1);
 return (1);
 } |
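Review bot: The `log(LOG_WARNING, ...)` call in the added `if (!ip_dosourceroute)` block now runs for every received packet that carries an LSRR or SSRR option, and nothing in the hunk limits its rate, so a remote sender can grow the system log at packet rate. Consider counting these drops and logging at most once per interval. The `strcpy` into `buf` stays in bounds only because `4*sizeof "123"` is 16 bytes, exactly the longest dotted quad plus its terminator. The copy is presumably needed because `inet_ntoa` is called a second time in the same `log()` argument list. A comment such as `/* 4 octets of up to 3 digits, 3 dots, NUL; inet_ntoa() reuses one static buffer */` would record both; ip_dooptions starts and ends outside the hunk.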
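Review bot: When `forward` is set but `ipforwarding` is off, control at `if (forward && ipforwarding)` now falls past the block, and what ip_dooptions returns on that path is outside the hunk. If it returns 0, the caller keeps processing a packet whose options were already handled above, so it is worth confirming that the caller then drops the packet rather than delivering it locally. A comment on the condition would record the intent, for example `/* never forward a source-routed packet unless this host is a router */`.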