Date:      Sat, 01 Feb 1997 13:25:44 +0000
From:      Brian Somers <brian@awfulhak.demon.co.uk>
To:        Archie Cobbs <archie@whistle.com>
Cc:        brian@utell.co.uk, terry@lambert.org, ari.suutari@ps.carel.fi, hackers@freebsd.org, cmott@srv.net, joerg_wunsch@uriah.heep.sax.de
Subject:   Re: ipdivert & masqd FIXED ! 
Message-ID:  <199702011325.NAA01803@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Sat, 01 Feb 1997 00:43:01 PST." <199702010843.AAA06137@bubba.whistle.com> 

> 
> > > Yes, ip_input() calls ip_output() indirectly when forwarding packets.
> > > You actually want to *not* zero ip_divert_ignore in this case in order
> > > to realize the intended semantics of the socket -- the loop avoidance
> > > is supposed to avoid all diversion back to the port, even if the packet
> > > passes through ipfw twice, on the way "in" and on the way "out".
> > > 
> > 
> > It turns out that this was the problem !
> > 
> > If 10.0.1.1 pings 10.0.1.254, ip_input() is called.  This diverts to masqd
> > and then gets re-injected.  The second time around, ip_input() ignores the
> > divert (correctly) but calls ip_output().  ip_output() incorrectly ignores
> > the divert socket - so the packet mangling doesn't get done !
> > 
> > I've altered things slightly so that ip_divert_ignore gets zero'd as soon
> > as it's been used in both ip_input() and ip_output().  Patches are available
> > on www.awfulhak.demon.co.uk.  Also, ip_divert_ignore is set in ip_divert.c
> > irrespective of whether sin->sin_port is around.... I think this may be wrong,
> > (it works, but for the wrong reasons) - ICMPs break with the check left in !
> 
> This wasn't the original intent, but in retrospect it makes more
> sense -- your patch that zeros ip_divert_ignore after calling
> ip_fw_chk() looks good to me...

I'll commit the changes then - anyone have a problem with them going into
2.2 too ?
-- 
Brian <brian@awfulhak.demon.co.uk>, <brian@freebsd.org>
      <http://www.awfulhak.demon.co.uk/>
Don't _EVER_ lose your sense of humour....





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702011325.NAA01803>
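
The loop-avoidance behaviour discussed in this thread, as an added user-space model that is not part of the original e-mail and is not FreeBSD kernel source. Only the name ip_divert_ignore comes from the thread; the port number, the zero_after_use switch, the helper names, and the clearing of the flag when the re-injection call chain returns are assumptions of the model.

```c
#include <stdio.h>

#define DIVERT_PORT 6668                 /* constructed port number */
enum dir { DIR_IN, DIR_OUT };
struct trace { int diverted_in, diverted_out, sent; };

static int ip_divert_ignore;             /* name taken from the thread */
static int zero_after_use;               /* hypothetical switch: 1 = patched */
static void model_ip_input(struct trace *t), model_ip_output(struct trace *t);

/* Stand-in for the ip_fw_chk() decision on a single divert rule:
 * returns the port to divert to, or 0 when diversion is skipped. */
static int fw_chk(void) {
    int port = (ip_divert_ignore == DIVERT_PORT) ? 0 : DIVERT_PORT;
    if (zero_after_use)
        ip_divert_ignore = 0;            /* patched: flag consumed by first check */
    return port;
}

/* Stand-in for the daemon writing the packet back to the divert socket.
 * Assumption: the flag is cleared once the call chain returns. */
static void reinject(struct trace *t, int port, enum dir d) {
    ip_divert_ignore = port;
    if (d == DIR_IN) model_ip_input(t); else model_ip_output(t);
    ip_divert_ignore = 0;
}

static void model_ip_input(struct trace *t) {
    int port = fw_chk();
    if (port) { t->diverted_in++; reinject(t, port, DIR_IN); return; }
    model_ip_output(t);                  /* input path goes on to the output path */
}

static void model_ip_output(struct trace *t) {
    int port = fw_chk();
    if (port) { t->diverted_out++; reinject(t, port, DIR_OUT); return; }
    t->sent++;                           /* packet leaves without further diversion */
}

/* Push one packet through the model, unpatched (0) or patched (1). */
struct trace run_model(int patched) {
    struct trace t = {0, 0, 0};
    ip_divert_ignore = 0;
    zero_after_use = patched;
    model_ip_input(&t);
    return t;
}

int main(void) {
    struct trace a = run_model(0), b = run_model(1);
    printf("before: in=%d out=%d sent=%d\n", a.diverted_in, a.diverted_out, a.sent);
    printf("after:  in=%d out=%d sent=%d\n", b.diverted_in, b.diverted_out, b.sent);
    return 0;
}
```

In the unpatched run the flag stays set across the nested output check, so the daemon never sees the packet on the way out; in the patched run each re-injection skips exactly one check and the packet is still sent once, without looping.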