Attachment #196860 for bug #231143




	struct mbuf *m0 = NULL;
	struct nhop4_basic nh;
	struct sockaddr_in dst;
	struct in_addr dest, odest, rtdest;
	uint16_t ip_len, ip_off;
	int error = 0;
	struct m_tag *fwd_tag = NULL;

#endif

	/*
	 * Next hop forced by ipfilter hook?
	 */
	if ((m->m_flags & M_IP_NEXTHOP) &&
	    ((fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL)) {
		/*
		 * Now we will find route to forced destination.
		 */
		dest.s_addr = ((struct sockaddr_in *)
			    (fwd_tag + 1))->sin_addr.s_addr;
		m_tag_delete(m, fwd_tag);
		m->m_flags &= ~M_IP_NEXTHOP;
	}

	/*
	 * Find route to destination.
	 */
	if (ip_findroute(&nh, dest, m) != 0)

		return (NULL);	/* icmp unreach already sent */

	/*
	 * Avoid second route lookup by caching destination.
	 */
	rtdest.s_addr = dest.s_addr;

	/*
	 * Step 5: outgoing firewall packet processing
	 */
	if (!PFIL_HOOKED(&V_inet_pfil_hook))

	 */
	if (m->m_flags & M_IP_NEXTHOP)
		fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
	else
		fwd_tag = NULL;
	if (odest.s_addr != dest.s_addr || fwd_tag != NULL) {
		/*
		 * Is it now for a local address on this host?

			m_tag_delete(m, fwd_tag);
			m->m_flags &= ~M_IP_NEXTHOP;
		}
		if ((dest.s_addr != rtdest.s_addr) &&
		    (ip_findroute(&nh, dest, m) != 0))
			return (NULL);	/* icmp unreach already sent */
	}


Return to bug 231143

Lines 151-157 ip_tryforward(struct mbuf *m) Link Here

(-)sys/netinet/ip_fastfwd.c (-2 / +24 lines)
151	struct mbuf *m0 = NULL;	151	struct mbuf *m0 = NULL;
152	struct nhop4_basic nh;	152	struct nhop4_basic nh;
153	struct sockaddr_in dst;	153	struct sockaddr_in dst;
154	struct in_addr odest, dest;	154	struct in_addr dest, odest, rtdest;
155	uint16_t ip_len, ip_off;	155	uint16_t ip_len, ip_off;
156	int error = 0;	156	int error = 0;
157	struct m_tag *fwd_tag = NULL;	157	struct m_tag *fwd_tag = NULL;
Lines 292-297 passin: Link Here
292	#endif	292	#endif
293		293
294	/*	294	/*
		295	* Next hop forced by ipfilter hook?
		296	*/
		297	if ((m->m_flags & M_IP_NEXTHOP) &&
		298	((fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL)) {
		299	/*
		300	* Now we will find route to forced destination.
		301	*/
		302	dest.s_addr = ((struct sockaddr_in *)
		303	(fwd_tag + 1))->sin_addr.s_addr;
		304	m_tag_delete(m, fwd_tag);
		305	m->m_flags &= ~M_IP_NEXTHOP;
		306	}
		307
		308	/*
295	* Find route to destination.	309	* Find route to destination.
296	*/	310	*/
297	if (ip_findroute(&nh, dest, m) != 0)	311	if (ip_findroute(&nh, dest, m) != 0)
Lines 298-303 passin: Link Here
298	return (NULL); /* icmp unreach already sent */	312	return (NULL); /* icmp unreach already sent */
299		313
300	/*	314	/*
		315	* Avoid second route lookup by caching destination.
		316	*/
		317	rtdest.s_addr = dest.s_addr;
		318
		319	/*
301	* Step 5: outgoing firewall packet processing	320	* Step 5: outgoing firewall packet processing
302	*/	321	*/
303	if (!PFIL_HOOKED(&V_inet_pfil_hook))	322	if (!PFIL_HOOKED(&V_inet_pfil_hook))
Lines 319-324 passin: Link Here
319	*/	338	*/
320	if (m->m_flags & M_IP_NEXTHOP)	339	if (m->m_flags & M_IP_NEXTHOP)
321	fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);	340	fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
		341	else
		342	fwd_tag = NULL;
322	if (odest.s_addr != dest.s_addr \|\| fwd_tag != NULL) {	343	if (odest.s_addr != dest.s_addr \|\| fwd_tag != NULL) {
323	/*	344	/*
324	* Is it now for a local address on this host?	345	* Is it now for a local address on this host?
Lines 340-346 forwardlocal: Link Here
340	m_tag_delete(m, fwd_tag);	361	m_tag_delete(m, fwd_tag);
341	m->m_flags &= ~M_IP_NEXTHOP;	362	m->m_flags &= ~M_IP_NEXTHOP;
342	}	363	}
343	if (ip_findroute(&nh, dest, m) != 0)	364	if ((dest.s_addr != rtdest.s_addr) &&
		365	(ip_findroute(&nh, dest, m) != 0))
344	return (NULL); /* icmp unreach already sent */	366	return (NULL); /* icmp unreach already sent */
345	}	367	}
346		368