FreeBSD Bugzilla – Attachment 196851 Details for
Bug 231143
[regression] ipfw fwd wrong behaviour with fast forwarding
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed fix
ip_fastfwd.c.diff (text/plain), 2.77 KB, created by
Eugene Grosbein
on 2018-09-04 12:26:36 UTC
(
hide
)
Description:
proposed fix
Filename:
MIME Type:
Creator:
Eugene Grosbein
Created:
2018-09-04 12:26:36 UTC
Size:
2.77 KB
patch
obsolete
>Index: ip_fastfwd.c >=================================================================== >--- ip_fastfwd.c (revision 338011) >+++ ip_fastfwd.c (working copy) >@@ -275,88 +275,103 @@ passin: > if (ip->ip_ttl <= IPTTLDEC) { > icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, 0, 0); > return NULL; /* mbuf already free'd */ > } > > /* > * Decrement the TTL and incrementally change the IP header checksum. > * Don't bother doing this with hw checksum offloading, it's faster > * doing it right here. > */ > ip->ip_ttl -= IPTTLDEC; > if (ip->ip_sum >= (u_int16_t) ~htons(IPTTLDEC << 8)) > ip->ip_sum -= ~htons(IPTTLDEC << 8); > else > ip->ip_sum += htons(IPTTLDEC << 8); > #ifdef IPSTEALTH > } > #endif > > /* >+ * Next hop forced by ipfilter hook? >+ */ >+ if (m->m_flags & M_IP_NEXTHOP) { >+ fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL); >+ /* >+ * Skip outgoing filtering. >+ */ >+ if (fwd_tag) >+ goto reroute; >+ } >+ /* > * Find route to destination. > */ > if (ip_findroute(&nh, dest, m) != 0) > return (NULL); /* icmp unreach already sent */ > > /* > * Step 5: outgoing firewall packet processing > */ > if (!PFIL_HOOKED(&V_inet_pfil_hook)) > goto passout; > > if (pfil_run_hooks(&V_inet_pfil_hook, &m, nh.nh_ifp, PFIL_OUT, PFIL_FWD, > NULL) || m == NULL) { > goto drop; > } > > M_ASSERTVALID(m); > M_ASSERTPKTHDR(m); > > ip = mtod(m, struct ip *); > dest.s_addr = ip->ip_dst.s_addr; > > /* > * Destination address changed? > */ > if (m->m_flags & M_IP_NEXTHOP) > fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL); > if (odest.s_addr != dest.s_addr || fwd_tag != NULL) { > /* > * Is it now for a local address on this host? > */ > if (m->m_flags & M_FASTFWD_OURS || in_localip(dest)) { > forwardlocal: > /* > * Return packet for processing by ip_input(). > */ > m->m_flags |= M_FASTFWD_OURS; > return (m); > } >- /* >- * Redo route lookup with new destination address >- */ >- if (fwd_tag) { >- dest.s_addr = ((struct sockaddr_in *) >- (fwd_tag + 1))->sin_addr.s_addr; >- m_tag_delete(m, fwd_tag); >- m->m_flags &= ~M_IP_NEXTHOP; >- } >+ } >+ >+reroute: >+ if (fwd_tag != NULL) { >+ dest.s_addr = ((struct sockaddr_in *) >+ (fwd_tag + 1))->sin_addr.s_addr; >+ m_tag_delete(m, fwd_tag); >+ m->m_flags &= ~M_IP_NEXTHOP; >+ } >+ /* >+ * Redo route lookup with new destination address >+ */ >+ if (odest.s_addr != dest.s_addr || fwd_tag != NULL) { > if (ip_findroute(&nh, dest, m) != 0) > return (NULL); /* icmp unreach already sent */ > } > > passout: > /* > * Step 6: send off the packet > */ > ip_len = ntohs(ip->ip_len); > ip_off = ntohs(ip->ip_off); > > bzero(&dst, sizeof(dst)); > dst.sin_family = AF_INET; > dst.sin_len = sizeof(dst); > dst.sin_addr = nh.nh_addr; > > /* > * Check if packet fits MTU or if hardware will fragment for us > */ > if (ip_len <= nh.nh_mtu) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=196851">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 231143
:
196851
|
196852
|
196860