Bug 61259

Summary: [patch] make "ipfw tee" work as intended under freebsd-5
Product: Base System
Reporter: P Kern <pak>
Component: kern
Assignee: Andre Oppermann <andre>
Status: Closed FIXED
Severity: Affects Only Me
CC: pak
Priority: Normal
Version: Unspecified
Hardware: Any
OS: Any
Attachments:
Description Flags
file.diff none

Description P Kern 2004-01-12 17:10:18 UTC
	[ This is the FreeBSD-5 version of ...
		http://www.freebsd.org/cgi/query-pr.cgi?pr=60377
	  It differs only by shifts in line numbers.  ]

	Currently with "ipfw tee" [as noted in BUGS in ipfw(8) ...]
	  "the search terminates and the original packet is accepted."
	Here is a patch to make "ipfw tee" work as originally intended.
	With this patch, after a matching packet is sent to the divert
	socket, instead of terminating the search and accepting the
	packet, the search continues so that the packet is checked
	against any further IPFW rules.

	Files changed with this patch:
		sys/netinet/ip_input.c
		sys/netinet/ip_output.c
		sbin/ipfw/ipfw.8

	Hope this helps.
	P Kern.

Fix: *** sys/netinet/ip_input.c	2004/01/12 16:04:35	1.1
--- sys/netinet/ip_input.c	2004/01/12 16:08:05
***************
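
The behaviour change described in the report above, as an added example that is not part of the original report or of FreeBSD's code: a toy C model of the rule search showing why a terminating tee rule shadows a later deny rule. The rule numbers, ports, struct names and the drop-on-no-match default are constructed assumptions.

```c
#include <stdio.h>

/* Toy model of the rule search (constructed; not FreeBSD kernel code). */
enum action { ALLOW, DENY, TEE };
enum verdict { ACCEPTED, DROPPED };
struct rule { int number; enum action act; int dst_port; /* 0 = any */ };
struct result {
    enum verdict verdict;
    int copies_diverted;   /* copies handed to the divert socket by tee */
    int last_rule;         /* number of the last rule that matched */
};

/* tee_terminates=1: behaviour quoted from BUGS in ipfw(8).
 * tee_terminates=0: behaviour the report asks for (search continues). */
struct result evaluate(const struct rule *rules, int n, int dst_port,
                       int tee_terminates)
{
    /* Assumption of this model: no matching rule means the packet is dropped. */
    struct result r = { DROPPED, 0, 0 };
    for (int i = 0; i < n; i++) {
        if (rules[i].dst_port != 0 && rules[i].dst_port != dst_port)
            continue;
        r.last_rule = rules[i].number;
        if (rules[i].act == TEE) {
            r.copies_diverted++;
            if (!tee_terminates)
                continue;              /* keep checking later rules */
            r.verdict = ACCEPTED;      /* search ends, original accepted */
            return r;
        }
        r.verdict = (rules[i].act == ALLOW) ? ACCEPTED : DROPPED;
        return r;
    }
    return r;
}

/* Constructed ruleset: tee everything, deny port 23, allow the rest. */
static const struct rule sample_rules[] = {
    { 100, TEE, 0 }, { 200, DENY, 23 }, { 300, ALLOW, 0 },
};

int main(void)
{
    struct result a = evaluate(sample_rules, 3, 23, 1);
    struct result b = evaluate(sample_rules, 3, 23, 0);
    printf("tee terminates: %s\n", a.verdict == ACCEPTED ? "accepted" : "dropped");
    printf("tee continues:  %s\n", b.verdict == ACCEPTED ? "accepted" : "dropped");
    return 0;
}
```

In this model, a tee rule placed ahead of filtering rules accepts every packet it matches when the search terminates, so monitoring rules of that kind belong after the deny rules on systems without the change.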
Comment 1 P Kern 2004-01-15 21:59:25 UTC
Please see my follow-up to ...
	http://www.freebsd.org/cgi/query-pr.cgi?pr=60377

The patch for ip_input.c now reads ....

	if (clone != NULL) {
		...
		ip_input(...);
		return;
	}

... but it should instead read ...

	if (clone != NULL) {
		...
		ip_input(...);
	}
	return;

Sorry about that. Hope this helps. pak.
Comment 2 Kris Kennaway freebsd_committer freebsd_triage 2004-03-16 00:34:07 UTC
Responsible Changed
From-To: freebsd-bugs->ipfw

Assign to ipfw mailing list
Comment 3 Andre Oppermann freebsd_committer freebsd_triage 2004-08-24 19:11:24 UTC
Responsible Changed
From-To: ipfw->andre

Take over.
Comment 4 Andre Oppermann freebsd_committer freebsd_triage 2004-09-09 13:29:07 UTC
State Changed
From-To: open->closed

A fix for the 'ipfw tee' problem is developed and tracked in 
kern/64240.