Date: Tue, 7 Oct 2003 13:18:40 -0700 (PDT) From: Sam Leffler <sam@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 39330 for review Message-ID: <200310072018.h97KIev7079331@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=39330 Change 39330 by sam@sam_ebb on 2003/10/07 13:18:06 pfil hooks can modify packet contents so check if the destination address has been changed when PFIL_HOOKS is enabled and, if it has, arrange for the proper action by ip*_forward. Submitted by: Pyun YongHyeon <yongari@kt-is.co.kr> Affected files ... .. //depot/projects/netperf/sys/netinet/ip_input.c#10 edit .. //depot/projects/netperf/sys/netinet6/ip6_input.c#7 edit Differences ... ==== //depot/projects/netperf/sys/netinet/ip_input.c#10 (text+ko) ==== @@ -360,6 +360,10 @@ u_int32_t divert_info = 0; /* packet divert/tee info */ struct ip_fw_args args; struct route cro; /* copy of cached route */ + int srcrt = 0; /* forward by ``src routing'' */ +#ifdef PFIL_HOOKS + struct in_addr odst; /* original dst address */ +#endif #ifdef FAST_IPSEC struct m_tag *mtag; struct tdb_ident *tdbi; @@ -516,13 +520,19 @@ #ifdef PFIL_HOOKS /* * Run through list of hooks for input packets. + * + * NB: Beware of the destination address changing (e.g. + * by NAT rewriting). When this happens, tell + * ip_forward to do the right thing. */ + odst = ip->ip_dst; if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN) != 0) return; if (m == NULL) /* consumed by filter */ return; ip = mtod(m, struct ip *); + srcrt = (odst.s_addr != ip->ip_dst.s_addr); #endif /* PFIL_HOOKS */ if (fw_enable && IPFW_LOADED) { @@ -759,7 +769,7 @@ } #endif /* FAST_IPSEC */ RTCACHE_GET(&cro); - ip_forward(m, &cro, 0, args.next_hop); + ip_forward(m, &cro, srcrt, args.next_hop); } return; ==== //depot/projects/netperf/sys/netinet6/ip6_input.c#7 (text+ko) ==== @@ -247,6 +247,10 @@ u_int32_t rtalert = ~0; int nxt, ours = 0; struct ifnet *deliverifp = NULL; +#ifdef PFIL_HOOKS + struct in6_addr odst; +#endif + int srcrt = 0; mtx_assert(&Giant, MA_NOTOWNED); mtx_lock(&Giant); 
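Review bot: The comment on the new `srcrt` declaration in the ip_input.c hunk at -360 says "forward by src routing", but the only assignment this diff shows (hunk at -516) sets it when a pfil hook rewrote the destination, so the comment misstates what the flag records. I would word it as `int srcrt = 0; /* dst rewritten by pfil hook; passed to ip_forward as srcrt */`, and add a short comment beside `ip_forward(m, &cro, srcrt, args.next_hop)` at -759 saying the source-route flag is reused on purpose. The matching declarations in ip6_input.c (hunk at -247) carry no comment on either `srcrt` or `odst` and should get the same. ip_forward and ip6_forward are outside this diff, so what the flag changes there (presumably ICMP redirect generation) is worth stating in the comment once confirmed.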
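Review bot: The new `srcrt = (odst.s_addr != ip->ip_dst.s_addr);` in the ip_input.c hunk at -516 reads the header through the pointer re-derived from whatever mbuf the hook handed back, and nothing visible here confirms that the first mbuf still holds a full IP header. If pfil hooks are not required to return a contiguous header, a guard before the `mtod` such as `if (m->m_len < sizeof(struct ip) && (m = m_pullup(m, sizeof(struct ip))) == NULL) return;` would keep the read in bounds. If they are required to, a one-line comment stating that contract is enough. The same applies to `srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);` in ip6_input.c (hunk at -356), where any added early return must also call `mtx_unlock(&Giant)`. Both functions start and end outside the hunks, so length checks elsewhere in them are not visible from here.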
@@ -346,7 +350,12 @@ #ifdef PFIL_HOOKS /* * Run through list of hooks for input packets. + * + * NB: Beware of the destination address changing + * (e.g. by NAT rewriting). When this happens, + * tell ip6_forward to do the right thing. */ + odst = ip6->ip6_dst; if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN)) { mtx_unlock(&Giant); return; @@ -356,6 +365,7 @@ return; } ip6 = mtod(m, struct ip6_hdr *); + srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); #endif /* PFIL_HOOKS */ ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; @@ -764,7 +774,7 @@ return; } } else if (!ours) { - ip6_forward(m, 0); + ip6_forward(m, srcrt); mtx_unlock(&Giant); return; }