Subject: Re: pppoe(4) man page in conjunction with Postfix leaves gaping relay
To: None <TeCeEm@gmx.net>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-userlevel
Date: 10/02/2003 10:37:49
--NextPart-20031002103721-1334700
Content-Type: Text/Plain; charset=us-ascii
> > > Jun-ichiro itojun Hagino wrote:
> > > > 0.0.0.0/8 will not match any source address. am i mistaken?
> > > You are not. However, upon establishing a successful pppoe link the
> > > result looks like this
> > > inet 80.130.149.14 -> 217.5.98.29 netmask 0xff000000
> > > which causes Postfix to treat 80.0.0.0/8 as a trusted network to relay for.
> >
> > now i see the problem. yes, it has to be fixed (documentation fix only
> > i suppose).
>
> does it address your problem?
more radical patch would be this, but it has bad sideeffect
(people setting /30 to p2p interface will get angry)
itojun
--NextPart-20031002103721-1334700
Content-Type: Text/Plain; charset=us-ascii
Content-Disposition: attachment; filename="1"
Index: in.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/in.c,v
retrieving revision 1.91
diff -u -r1.91 in.c
--- in.c 16 Aug 2003 11:30:35 -0000 1.91
+++ in.c 2 Oct 2003 01:37:01 -0000
@@ -849,6 +849,10 @@
ia->ia_netmask = IN_CLASSB_NET;
else
ia->ia_netmask = IN_CLASSC_NET;
+
+ if (ifp->if_flags & IFF_POINTOPOINT)
+ ia->ia_netmask = 0xffffffff;
+
/*
* The subnet mask usually includes at least the standard network part,
* but may may be smaller in the case of supernetting.
--NextPart-20031002103721-1334700--