cvs commit: src/sys/netinet ip_input.c (fwd)

Attila Nagy bra at fsn.hu
Mon, 5 Mar 2001 12:40:08 CET


For anyone who redirects with ipnat and uses a 127.0.0.0/8 IP address.

--------------------------------------------------------------------------
Attila Nagy                                    e-mail:  Attila.Nagy at fsn.hu
Budapest Polytechnic (BMF.HU)                   @work: +361 210 1415 (194)
H-1084 Budapest, Tavaszmezo u. 15-17.           cell.: +3630 306 6758
---------- Forwarded message ----------
Date: Sun, 4 Mar 2001 16:04:49 -0800
From: Don Lewis <Don.Lewis at tsc.tdk.com>
To: Attila Nagy <bra at fsn.hu>, Don Lewis <truckman at FreeBSD.org>
Subject: Re: cvs commit: src/sys/netinet ip_input.c

On Mar 4,  6:16pm, Attila Nagy wrote:
} Subject: Re: cvs commit: src/sys/netinet ip_input.c
} Hello,
}
} >   Explicitly block packets sent to the loopback network sent from the outside,
} >   which is consistent with the behavior of the forwarding path between
} >   interfaces as implemented in in_canforward().
} I have several jails on my machine, with 127.x.y.z addresses, running on
} lo0 interface.
} In those jails everything runs with UID other than 0 and binds to high
} ports like 65000. I use IPF redirection (with ipnat) to redirect traffic
} sent to the public IF to the public address to the jail's 127.x.y.z IP.
}
} Will the above commit break this?

Sigh ... I looked through the code and it looks like this check will
break ipnat.  The check will have to be moved closer to the beginning
of ip_input(), before ipnat happens.
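
The ordering problem discussed in this thread, as an added example that is not part of the original message and is not FreeBSD source: a simplified model of the loopback-destination check placed after versus before the NAT rewrite. The addresses, struct and function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample addresses in host byte order (assumptions). */
#define PUBLIC_ADDR 0xC000020AU /* 192.0.2.10, public interface address */
#define JAIL_ADDR   0x7F000002U /* 127.0.0.2, jail address on lo0 */

struct pkt {
    uint32_t dst;       /* destination address */
    bool     from_lo;   /* true if received on the loopback interface */
};

/* Model of the new check: loopback-net destination arriving from outside. */
static bool blocked(const struct pkt *p)
{
    return (p->dst >> 24) == 127 && !p->from_lo;
}

/* Model of an ipnat redirect rule: public address -> jail address. */
static void nat_redirect(struct pkt *p)
{
    if (p->dst == PUBLIC_ADDR)
        p->dst = JAIL_ADDR;
}

/* Check placed after NAT: the rewritten destination trips the check. */
bool accept_check_after_nat(struct pkt p)
{
    nat_redirect(&p);
    return !blocked(&p);
}

/* Check placed before NAT: judged on the destination seen on the wire. */
bool accept_check_before_nat(struct pkt p)
{
    if (blocked(&p))
        return false;
    nat_redirect(&p);
    return true;
}

int main(void)
{
    struct pkt redirected = { PUBLIC_ADDR, false };
    printf("after NAT: %d, before NAT: %d\n",
           accept_check_after_nat(redirected), accept_check_before_nat(redirected));
    return 0;
}
```

In both orderings a packet that arrives from outside already addressed to 127/8 is dropped; only the redirected traffic is treated differently.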



