Synopsis: IPv4 forwarding doesn't consult inbound SPD
NetBSD versions: 1.5.1,1.5.2
Thanks to: Jun-ichiro itojun Hagino
Reported in NetBSD Security Advisory: NetBSD-SA2002-003
Index: syssrc/sys/netinet/ip_input.c
===================================================================
RCS file: /cvsroot/syssrc/sys/netinet/ip_input.c,v
retrieving revision 1.144
retrieving revision 1.145
diff -c -p -r1.144 -r1.145
*** sys/netinet/ip_input.c 2002/02/24 17:22:21 1.144
--- sys/netinet/ip_input.c 2002/02/25 02:17:55 1.145
*************** ip_input(struct mbuf *m)
*** 687,692 ****
--- 687,699 ----
ipstat.ips_cantforward++;
return;
}
+ #ifdef IPSEC
+ if (ipsec4_in_reject(m, NULL)) {
+ ipsecstat.in_polvio++;
+ goto bad;
+ }
+ #endif
+
ip_forward(m, 0);
}
return;
