Bug 145004

Summary: 8.0-STABLE net.inet.ip.fw.one_pass: 1 not work
Product: Base System Reporter: Vitaly Moiseev <vm>
Component: miscAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 8.0-STABLE   
Hardware: Any   
OS: Any   

Description Vitaly Moiseev 2010-03-24 10:20:02 UTC 
after update to 8.0-STABLE when use ipfw pipe dummynet and variable net.inet.ip.fw.one_pass set to 1, the packet is passed again to the firewall code starting from the next rule.

How-To-Repeat: use ipfw pipe and default to deny ipfw and set net.inet.ip.fw.one_pass=1 - the packets after exit from pipe rules go to next rules.
Comment 1 dfilter service freebsd_committer freebsd_triage 2010-03-24 15:17:08 UTC 
Author: luigi
Date: Wed Mar 24 15:16:59 2010
New Revision: 205602
URL: http://svn.freebsd.org/changeset/base/205602

Log:
  Honor ip.fw.one_pass when a packet comes out of a pipe without being delayed.
  I forgot to handle this case when i did the mtag cleanup three months ago.
  
  PR:		145004

Modified:
  head/sys/netinet/ipfw/ip_dn_io.c

Modified: head/sys/netinet/ipfw/ip_dn_io.c
==============================================================================
--- head/sys/netinet/ipfw/ip_dn_io.c	Wed Mar 24 15:16:05 2010	(r205601)
+++ head/sys/netinet/ipfw/ip_dn_io.c	Wed Mar 24 15:16:59 2010	(r205602)
@@ -762,7 +762,11 @@ dummynet_io(struct mbuf **m0, int dir, s
 	 *     
 	 */
 	if (/*dn_cfg.io_fast &&*/ m == *m0 && (dir & PROTO_LAYER2) == 0 ) {
-		/* fast io */
+		/* fast io, rename the tag * to carry reinject info. */
+		struct m_tag *tag = m_tag_first(m);
+
+		tag->m_tag_cookie = MTAG_IPFW_RULE;
+		tag->m_tag_id = 0;
 		io_pkt_fast++;
 		if (m->m_nextpkt != NULL) {
 			printf("dummynet: fast io: pkt chain detected!\n");
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
Comment 2 dfilter service freebsd_committer freebsd_triage 2010-03-24 15:20:04 UTC 
Author: luigi
Date: Wed Mar 24 15:19:47 2010
New Revision: 205603
URL: http://svn.freebsd.org/changeset/base/205603

Log:
  MFC 205602:
  Honor ip.fw.one_pass when a packet comes out of a pipe without being delayed.
  I forgot to handle this case when i did the mtag cleanup three months ago.
  
  I am merging immediately because this bugfix is important for
  people using RELENG_8.
  
  PR:           145004

Modified:
  stable/8/sys/netinet/ipfw/ip_dn_io.c

Modified: stable/8/sys/netinet/ipfw/ip_dn_io.c
==============================================================================
--- stable/8/sys/netinet/ipfw/ip_dn_io.c	Wed Mar 24 15:16:59 2010	(r205602)
+++ stable/8/sys/netinet/ipfw/ip_dn_io.c	Wed Mar 24 15:19:47 2010	(r205603)
@@ -762,7 +762,11 @@ dummynet_io(struct mbuf **m0, int dir, s
 	 *     
 	 */
 	if (/*dn_cfg.io_fast &&*/ m == *m0 && (dir & PROTO_LAYER2) == 0 ) {
-		/* fast io */
+		/* fast io, rename the tag * to carry reinject info. */
+		struct m_tag *tag = m_tag_first(m);
+
+		tag->m_tag_cookie = MTAG_IPFW_RULE;
+		tag->m_tag_id = 0;
 		io_pkt_fast++;
 		if (m->m_nextpkt != NULL) {
 			printf("dummynet: fast io: pkt chain detected!\n");
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
Comment 3 Luigi Rizzo freebsd_committer freebsd_triage 2010-03-24 15:20:12 UTC 
State Changed
From-To: open->closed

fixed in r205601(HEAD) and r205602(RELENG_8)