hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-25 18:12:57 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Don't loop back packets that have been routed by pf. This fixes an endless

Browse Source 
loop where the same packet is sent over and over again.

Obtained from:	OpenBSD
Reported by:	Sergey Lapin
Tested by:	Sergey Lapin
MFC after:	7 days
This commit is contained in:
Max Laier 2005-08-23 14:13:17 +00:00
parent e1bfde1b04
commit 0bdf5171c8
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=149389
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/net/if_ethersubr.c
View File

@ -310,7 +310,8 @@ ether_output(struct ifnet *ifp, struct mbuf *m,
* on the wire). However, we don't do that here for security
* reasons and compatibility with the original behavior.
*/
if ((ifp->if_flags & IFF_SIMPLEX) && (loop_copy != -1)) {
if ((ifp->if_flags & IFF_SIMPLEX) && (loop_copy != -1) &&
m_tag_find(m, PACKET_TAG_PF_ROUTED, NULL) == NULL) {
int csum_flags = 0;
if (m->m_pkthdr.csum_flags & CSUM_IP)