diff options
author | Cedric Berger <cedric@cvs.openbsd.org> | 2003-02-11 21:08:05 +0000 |
---|---|---|
committer | Cedric Berger <cedric@cvs.openbsd.org> | 2003-02-11 21:08:05 +0000 |
commit | e692e956cd9a362233c7aeb3a80fccd0864e1d3f (patch) | |
tree | eef70ec6c93e3437c9592809b8cf4bb2643e2d06 /sys/netinet | |
parent | 026beb26e885eced89aee9a01f7c499f9208207b (diff) |
No ICMP redirect when PF nat code redirect the packet on the LAN.
ok dhartmei@
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_input.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 07f1abbc1b8..8fe498db903 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.108 2003/01/07 09:00:34 kjc Exp $ */ +/* $OpenBSD: ip_input.c,v 1.109 2003/02/11 21:08:04 cedric Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -298,6 +298,7 @@ ipv4_input(m) struct in_ifaddr *ia; struct ipqent *ipqe; int hlen, mff; + in_addr_t pfrdr = 0; #ifdef IPSEC int error, s; struct tdb *tdb; @@ -392,6 +393,7 @@ ipv4_input(m) /* * Packet filter */ + pfrdr = ip->ip_dst.s_addr; if (pf_test(PF_IN, m->m_pkthdr.rcvif, &m) != PF_PASS) goto bad; if (m == NULL) @@ -399,6 +401,7 @@ ipv4_input(m) ip = mtod(m, struct ip *); hlen = ip->ip_hl << 2; + pfrdr = (pfrdr != ip->ip_dst.s_addr); #endif /* @@ -513,7 +516,7 @@ ipv4_input(m) */ #endif /* IPSEC */ - ip_forward(m, 0); + ip_forward(m, pfrdr); } return; |