FreeBSD Bugzilla – Attachment 196860 Details for
Bug 231143
[regression] ipfw fwd wrong behaviour with fast forwarding
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed fix
ip_fastfwd.c.diff (text/plain), 1.74 KB, created by
Eugene Grosbein
on 2018-09-04 15:09:28 UTC
(
hide
)
Description:
proposed fix
Filename:
MIME Type:
Creator:
Eugene Grosbein
Created:
2018-09-04 15:09:28 UTC
Size:
1.74 KB
patch
obsolete
>Index: sys/netinet/ip_fastfwd.c >=================================================================== >--- sys/netinet/ip_fastfwd.c (revision 338011) >+++ sys/netinet/ip_fastfwd.c (working copy) >@@ -151,7 +151,7 @@ ip_tryforward(struct mbuf *m) > struct mbuf *m0 = NULL; > struct nhop4_basic nh; > struct sockaddr_in dst; >- struct in_addr odest, dest; >+ struct in_addr dest, odest, rtdest; > uint16_t ip_len, ip_off; > int error = 0; > struct m_tag *fwd_tag = NULL; >@@ -292,6 +292,20 @@ passin: > #endif > > /* >+ * Next hop forced by ipfilter hook? >+ */ >+ if ((m->m_flags & M_IP_NEXTHOP) && >+ ((fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL)) { >+ /* >+ * Now we will find route to forced destination. >+ */ >+ dest.s_addr = ((struct sockaddr_in *) >+ (fwd_tag + 1))->sin_addr.s_addr; >+ m_tag_delete(m, fwd_tag); >+ m->m_flags &= ~M_IP_NEXTHOP; >+ } >+ >+ /* > * Find route to destination. > */ > if (ip_findroute(&nh, dest, m) != 0) >@@ -298,6 +312,11 @@ passin: > return (NULL); /* icmp unreach already sent */ > > /* >+ * Avoid second route lookup by caching destination. >+ */ >+ rtdest.s_addr = dest.s_addr; >+ >+ /* > * Step 5: outgoing firewall packet processing > */ > if (!PFIL_HOOKED(&V_inet_pfil_hook)) >@@ -319,6 +338,8 @@ passin: > */ > if (m->m_flags & M_IP_NEXTHOP) > fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL); >+ else >+ fwd_tag = NULL; > if (odest.s_addr != dest.s_addr || fwd_tag != NULL) { > /* > * Is it now for a local address on this host? >@@ -340,7 +361,8 @@ forwardlocal: > m_tag_delete(m, fwd_tag); > m->m_flags &= ~M_IP_NEXTHOP; > } >- if (ip_findroute(&nh, dest, m) != 0) >+ if ((dest.s_addr != rtdest.s_addr) && >+ (ip_findroute(&nh, dest, m) != 0)) > return (NULL); /* icmp unreach already sent */ > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=196860">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 231143
:
196851
|
196852
| 196860