patch-2.1.106 linux/net/ipv4/ip_input.c

Next file: linux/net/ipv4/ip_output.c
Previous file: linux/net/ipv4/ip_fw.c
Back to the patch index
Back to the overall index

diff -u --recursive --new-file v2.1.105/linux/net/ipv4/ip_input.c linux/net/ipv4/ip_input.c
@@ -5,7 +5,7 @@
  *
  *		The Internet Protocol (IP) module.
  *
- * Version:	$Id: ip_input.c,v 1.30 1998/05/08 01:54:54 davem Exp $
+ * Version:	$Id: ip_input.c,v 1.31 1998/05/17 02:19:15 freitag Exp $
  *
  * Authors:	Ross Biro, <bir7@leland.Stanford.Edu>
  *		Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
@@ -97,7 +97,6 @@
  *		Alan Cox	:	Multicast routing hooks
  *		Jos Vos		:	Do accounting *before* call_in_firewall
  *	Willy Konynenberg	:	Transparent proxying support
- *	Mike McLagan		:	Routing by source
  *
  *  
  *
@@ -470,6 +469,15 @@
 
 	/*
 	 *	See if the firewall wants to dispose of the packet. 
+	 *
+	 *	Note: the current standard firewall code expects that the 
+	 *	destination address was already checked against the interface 
+	 *	address lists.
+	 *
+	 *	If this code is ever moved in front of ip_route_input() you need
+	 *	to fix the fw code [moving it might be a good idea anyways,
+	 *	so that we can firewall against potentially bugs in the options
+	 *	or routing code]
 	 */
 	
 #ifdef	CONFIG_FIREWALL

FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen, slshen@lbl.gov