From owner-p4-projects@FreeBSD.ORG Tue Oct 7 13:18:42 2003
Date: Tue, 7 Oct 2003 13:18:40 -0700 (PDT)
Message-Id: <200310072018.h97KIev7079331@repoman.freebsd.org>
From: Sam Leffler
To: Perforce Change Reviews
Subject: PERFORCE change 39330 for review

http://perforce.freebsd.org/chv.cgi?CH=39330

Change 39330 by sam@sam_ebb on 2003/10/07 13:18:06

pfil hooks can modify packet contents so check if the destination address has been changed when PFIL_HOOKS is enabled and, if it has, arrange for the proper action by ip*_forward.

Submitted by: Pyun YongHyeon

Affected files ...

.. //depot/projects/netperf/sys/netinet/ip_input.c#10 edit
.. //depot/projects/netperf/sys/netinet6/ip6_input.c#7 edit

Differences ...

==== //depot/projects/netperf/sys/netinet/ip_input.c#10 (text+ko) ==== @@ -360,6 +360,10 @@ u_int32_t divert_info = 0; /* packet divert/tee info */ struct ip_fw_args args; struct route cro; /* copy of cached route */ + int srcrt = 0; /* forward by ``src routing'' */ +#ifdef PFIL_HOOKS + struct in_addr odst; /* original dst address */ +#endif #ifdef FAST_IPSEC struct m_tag *mtag; struct tdb_ident *tdbi; @@ -516,13 +520,19 @@ #ifdef PFIL_HOOKS /* * Run through list of hooks for input packets. + * + * NB: Beware of the destination address changing (e.g. + * by NAT rewriting). When this happens, tell + * ip_forward to do the right thing. */ + odst = ip->ip_dst; if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN) != 0) return; if (m == NULL) /* consumed by filter */ return; ip = mtod(m, struct ip *); + srcrt = (odst.s_addr != ip->ip_dst.s_addr); #endif /* PFIL_HOOKS */ if (fw_enable && IPFW_LOADED) { @@ -759,7 +769,7 @@ } #endif /* FAST_IPSEC */ RTCACHE_GET(&cro); - ip_forward(m, &cro, 0, args.next_hop); + ip_forward(m, &cro, srcrt, args.next_hop); } return; ==== //depot/projects/netperf/sys/netinet6/ip6_input.c#7 (text+ko) ==== 
@@ -247,6 +247,10 @@ u_int32_t rtalert = ~0; int nxt, ours = 0; struct ifnet *deliverifp = NULL; +#ifdef PFIL_HOOKS + struct in6_addr odst; +#endif + int srcrt = 0; mtx_assert(&Giant, MA_NOTOWNED); mtx_lock(&Giant); @@ -346,7 +350,12 @@ #ifdef PFIL_HOOKS /* * Run through list of hooks for input packets. + * + * NB: Beware of the destination address changing + * (e.g. by NAT rewriting). When this happens, + * tell ip6_forward to do the right thing. */ + odst = ip6->ip6_dst; if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN)) { mtx_unlock(&Giant); return; @@ -356,6 +365,7 @@ return; } ip6 = mtod(m, struct ip6_hdr *); + srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); #endif /* PFIL_HOOKS */ ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; @@ -764,7 +774,7 @@ return; } } else if (!ours) { - ip6_forward(m, 0); + ip6_forward(m, srcrt); mtx_unlock(&Giant); return; }
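Review bot: In the ip_input.c declarations hunk (@@ -360), the comment on `srcrt` reads "forward by ``src routing''", but the only assignment in this change is `srcrt = (odst.s_addr != ip->ip_dst.s_addr)`, which is true when a pfil hook rewrote the destination and has nothing to do with a source-route option. Reword the comment to say the flag is set when an input filter changed ip_dst, so a later reader of the `ip_forward(m, &cro, srcrt, args.next_hop)` call does not go looking for option processing.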
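Review bot: In the ip_input.c hook hunk (@@ -516), the NB comment says to "tell ip_forward to do the right thing" without saying what that is; state the concrete effect of passing a nonzero third argument for a packet whose destination was rewritten. It would also help to note that `srcrt` is computed once, immediately after `pfil_run_hooks`, so it reflects only pfil rewrites; the `if (fw_enable && IPFW_LOADED)` block that follows passes its own decision separately through `args.next_hop`.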
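Review bot: In the ip6_input.c declarations hunk (@@ -247), `int srcrt = 0;` is added without a comment and after the `#endif`, preceded by a blank `+` line, while ip_input.c declares it before the `#ifdef PFIL_HOOKS` block with a comment and gives `odst` one as well. Match the IPv4 layout and comment both variables so the two input paths read the same; the flag is only ever assigned under PFIL_HOOKS (`srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst)`), and that is worth saying next to the declaration.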