Module Name: src Committed By: christos Date: Sun May 7 16:41:22 UTC 2017
Modified Files: src/sys/netinet: ip_output.c Log Message: PR/52074: Frank Kardel: current npf map directive broken Don't filter packets that can't be resolved to source interfaces because they could have been generated by a packet filter. To generate a diff of this commit: cvs rdiff -u -r1.276 -r1.277 src/sys/netinet/ip_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet/ip_output.c diff -u src/sys/netinet/ip_output.c:1.276 src/sys/netinet/ip_output.c:1.277 --- src/sys/netinet/ip_output.c:1.276 Sun Mar 5 06:07:46 2017 +++ src/sys/netinet/ip_output.c Sun May 7 12:41:22 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_output.c,v 1.276 2017/03/05 11:07:46 ozaki-r Exp $ */ +/* $NetBSD: ip_output.c,v 1.277 2017/05/07 16:41:22 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.276 2017/03/05 11:07:46 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.277 2017/05/07 16:41:22 christos Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -611,13 +611,18 @@ sendit: /* * search for the source address structure to - * maintain output statistics. + * maintain output statistics, and verify address + * validity */ KASSERT(ia == NULL); ia = in_get_ia_psref(ip->ip_src, &psref_ia); - /* Ensure we only send from a valid address. */ - if ((ia != NULL || (flags & IP_FORWARDING) == 0) && + /* + * Ensure we only send from a valid address. + * A NULL address is valid because the packet could be + * generated from a packet filter. + */ + if (ia != NULL && (flags & IP_FORWARDING) == 0 && (error = ip_ifaddrvalid(ia)) != 0) { ARPLOG(LOG_ERR, @@ -1940,9 +1945,6 @@ static int ip_ifaddrvalid(const struct in_ifaddr *ia) { - if (ia == NULL) - return -1; - if (ia->ia_addr.sin_addr.s_addr == INADDR_ANY) return 0;
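Review bot: The rewritten condition in the `sendit:` hunk skips `ip_ifaddrvalid()` for every packet whose source does not resolve (`ia == NULL`), not only for packets a packet filter generated, so a locally originated packet with a source address configured on no interface is no longer rejected at this point. It also stops validating the `ia != NULL` case when `IP_FORWARDING` is set, which the old expression `(ia != NULL || (flags & IP_FORWARDING) == 0)` still checked and which the log message does not mention. If only the NAT case is meant, `if (ia != NULL && (error = ip_ifaddrvalid(ia)) != 0)` would keep validation of resolved addresses on the forwarding path; if both changes are meant, the comment should say so, e.g. `* Unresolved sources are not checked here at all; egress source validation is left to the packet filter.` The last hunk removes the NULL guard from `ip_ifaddrvalid()`, so it now dereferences `ia` unconditionally and any caller outside this diff must guarantee a non-NULL pointer; the function containing `sendit:` starts and ends outside the hunk, so later uses of `ia` are not visible here.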