On Aug 1, 10:48am, Zachary Roger Amsden wrote:
} Subject: Re: How secure is xinetd's binding to specific interfaces
} Excerpts from internet.computing.firewalls: 1-Aug-96 Re: How secure is
} xinetd's .. by Don Lewis @ tsc . tdk . com
} >
} >     if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr)
} >         if (ia->ia_ifp == ifp)
} >             goto ours;
} >         else
} >             it came in on the wrong interface, log it
}
} This code would work beautifully if ipintr had ifp, a pointer to the
} interface the packet was received on. Unfortunately, BSD networking
} code never records the interface a packet was received on.

Apparently it did at one time. The included patch was relative to a
replacement ip_input.c for SunOS that disables source routing that
was posted to this list by Brad . Powell @ EBay . Sun . COM quite a while ago.

The SunOS ipintr() calls the macro IF_DEQUEUEIF(ifq, m, ifp) which
returns the interface pointer. I would imagine that Sun picked this
up from an older BSD IP stack (4.2 or 4.3).

It looks like folks using up to date BSD stacks are out of luck as
far as easy patches.

--- Truck
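
Added example, not part of the original post and not SunOS or BSD source: a user-space C model of the check quoted above, which accepts a packet as local only when its destination address is configured on the interface it arrived on. The types, names and addresses (demo_if, demo_ifaddr, classify, le0/le1) are hypothetical and constructed for illustration; the NO_RCVIF result models a stack that did not record the receive interface.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical stand-ins for the kernel's interface and address records. */
struct demo_if { const char *name; };
struct demo_ifaddr {
    uint32_t addr;                  /* IPv4 address (host order in this demo) */
    const struct demo_if *ifp;      /* interface that owns the address */
    const struct demo_ifaddr *next;
};

enum verdict { NOT_LOCAL, OURS, WRONG_IFACE, NO_RCVIF };

/* Accept a packet as "ours" only when its destination address is
 * configured on the interface it actually arrived on. */
enum verdict classify(const struct demo_ifaddr *list, uint32_t dst,
                      const struct demo_if *rcvif)
{
    enum verdict v = NOT_LOCAL;
    if (rcvif == NULL)
        return NO_RCVIF;            /* stack did not record the interface */
    for (const struct demo_ifaddr *ia = list; ia != NULL; ia = ia->next) {
        if (ia->addr != dst)
            continue;
        if (ia->ifp == rcvif)
            return OURS;
        v = WRONG_IFACE;            /* local address, other interface: log it */
    }
    return v;
}

/* Constructed sample: le0 = 10.0.0.1 (inside), le1 = 192.0.2.1 (outside). */
static const struct demo_if le0 = { "le0" }, le1 = { "le1" };
static const struct demo_ifaddr a1 = { 0xC0000201u, &le1, NULL };
static const struct demo_ifaddr a0 = { 0x0A000001u, &le0, &a1 };

enum verdict demo(uint32_t dst, int iface)  /* 0 = le0, 1 = le1, else unknown */
{
    const struct demo_if *rcvif = iface == 0 ? &le0 : iface == 1 ? &le1 : NULL;
    return classify(&a0, dst, rcvif);
}

int main(void)
{
    static const char *names[] = { "not local", "ours", "wrong interface", "no rcvif" };
    printf("10.0.0.1 via le0: %s\n", names[demo(0x0A000001u, 0)]);
    printf("10.0.0.1 via le1: %s\n", names[demo(0x0A000001u, 1)]);
    return 0;
}
```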