Date:      Thu, 17 Oct 2013 17:09:53 GMT
From:      "G. Paul Ziemba" <p-freebsd-bugs@ziemba.us>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/183065: ipfilter to/fastroute should use correct FIB
Message-ID:  <201310171709.r9HH9rh3024465@oldred.freebsd.org>
Resent-Message-ID: <201310171710.r9HHA0An042251@freefall.freebsd.org>


>Number:         183065
>Category:       kern
>Synopsis:       ipfilter to/fastroute should use correct FIB
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 17 17:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     G. Paul Ziemba
>Release:        9.1
>Organization:
>Environment:
FreeBSD hairball.ziemba.us 9.1-STABLE FreeBSD 9.1-STABLE #10 r249454M: Mon Oct  7 23:27:47 PDT 2013     root@hairball:/usr/obj/usr/src/sys/GPZ-130412  amd64
>Description:
If you have an ipfilter rule using option "to <interface name>" such as:

    pass in log quick on em0.101 to dc0 from any to 192.168.0.0/24

and the interfaces in question have a non-default FIB associated with them, e.g.

    dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80008<VLAN_MTU,LINKSTATE>
        ether 00:00:d1:1a:c0:e5
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        fib: 1

    em0.101: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=103<RXCSUM,TXCSUM,TSO4>
        ether 00:30:48:dd:37:ac
        inet 10.126.0.1 netmask 0xffff0000 broadcast 10.126.255.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        fib: 1
        vlan: 101 parent interface: em0

then ipfilter wrongly looks up the destination in FIB 0.
>How-To-Repeat:
Configure ipfilter to use to/fastforward between interfaces using non-0 FIB.
>Fix:
Please see attached patch

Patch attached with submission follows:

--- /usr/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c.orig	2013-04-12 23:27:26.000000000 -0700
+++ /usr/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c	2013-10-06 23:19:59.000000000 -0700
@@ -984,7 +984,7 @@
 		dst->sin_addr = fdp->fd_ip;
 
 	dst->sin_len = sizeof(*dst);
-	in_rtalloc(ro, 0);
+	in_rtalloc(ro, M_GETFIB(m0));
 
 	if ((ifp == NULL) && (ro->ro_rt != NULL))
 		ifp = ro->ro_rt->rt_ifp;
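
Review bot: M_GETFIB(m0) on the in_rtalloc() call selects the FIB carried by the packet, not the FIB of the interface named in the "to" rule, and nothing in the hunk says which of the two is intended. In the reported setup em0.101 and dc0 are both in fib 1, so the two agree; if the "to" interface were in a different FIB from the one the packet carries, the lookup would again go to a table other than the target interface's. The context line "if ((ifp == NULL) && (ro->ro_rt != NULL))" shows that ifp may already be known at this point, so consider using that interface's FIB when ifp is non-NULL and falling back to M_GETFIB(m0) otherwise, or add a comment stating that the packet's FIB is the deliberate choice. A case with differing FIBs on the two interfaces would be worth adding to How-To-Repeat.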


>Release-Note:
>Audit-Trail:
>Unformatted:


