Date: Thu, 16 Jan 2014 11:50:01 +0000 (UTC) From: "Alexander V. Chernikov" <melifaro@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r260702 - head/sys/netinet Message-ID: <201401161150.s0GBo1c1069638@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: melifaro Date: Thu Jan 16 11:50:00 2014 New Revision: 260702 URL: http://svnweb.freebsd.org/changeset/base/260702 Log: Fix ipfw fwd for IPv4 traffic broken by r249894. Problem case: Original lookup returns route with GW set, so gw points to rte->rt_gateway. After that we're changing dst and performing lookup another time. Since fwd host is most probably directly reachable, resulting rte does not contain rt_gateway, so gw is not set. Finally, we end with packet transmitted to proper interface but wrong link-layer address. Found by: lstewart Discussed with: ae,lstewart MFC after: 2 weeks Sponsored by: Yandex LLC Modified: head/sys/netinet/ip_output.c Modified: head/sys/netinet/ip_output.c ============================================================================== --- head/sys/netinet/ip_output.c Thu Jan 16 06:26:03 2014 (r260701) +++ head/sys/netinet/ip_output.c Thu Jan 16 11:50:00 2014 (r260702) @@ -202,6 +202,13 @@ ip_output(struct mbuf *m, struct mbuf *o hlen = ip->ip_hl << 2; } + /* + * dst/gw handling: + * + * dst can be rewritten but always point to &ro->ro_dst + * gw is readonly but can be pointed either to dst OR rt_gatewy + * therefore we need restore GW if we're re-doing lookup + */ gw = dst = (struct sockaddr_in *)&ro->ro_dst; again: ia = NULL; @@ -221,6 +228,7 @@ again: RO_RTFREE(ro); ro->ro_lle = NULL; rte = NULL; + gw = dst; } if (rte == NULL && fwd_tag == NULL) { bzero(dst, sizeof(*dst));
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401161150.s0GBo1c1069638>