Date: Fri, 14 Nov 2014 11:34:40 +0100 From: Ilya Bakulin <ilya@bakulin.de> To: =?UTF-8?Q?Ermal_Lu=C3=A7i?= <eri@freebsd.org> Cc: owner-freebsd-pf@freebsd.org, bugzilla-noreply@freebsd.org, freebsd-pf@freebsd.org Subject: Re: [Bug 172648] [pf] [ip6]: 'scrub reassemble tcp' breaks IPv6 packet checksum on SYN ACK Message-ID: <48fa06babb4c371b69c8e3bb2a3e1cd3@mail.bakulin.de> In-Reply-To: <CAPBZQG100NL9-XSFR6zzacuq27g1jDnhrfCM_pTHzSfC_uZiGQ@mail.gmail.com> References: <bug-172648-17777@https.bugs.freebsd.org/bugzilla/> <bug-172648-17777-zy8ppFf4Pk@https.bugs.freebsd.org/bugzilla/> <CAPBZQG100NL9-XSFR6zzacuq27g1jDnhrfCM_pTHzSfC_uZiGQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Ermal,
unfortunately your inline patch seems to be broken, actually it is a
patch for patch???
Please send a correct copy.
On 2014-11-10 09:46, Ermal Luçi wrote:
> Give this patch inline a try:
>
> --- a/patches/releng/10.1/pf_reply-to.enahnce.diff
> +++ b/patches/releng/10.1/pf_reply-to.enahnce.diff
> @@ -1,8 +1,33 @@
> +diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
> +index 837b617..b6c37a9 100644
> +--- a/sys/netinet6/ip6_output.c
> ++++ b/sys/netinet6/ip6_output.c
> +@@ -185,7 +185,7 @@ static int copypktopts(struct ip6_pktopts *,
> struct ip6_pktopts *, int);
> + }\
> + } while (/*CONSTCOND*/ 0)
> +
> +-static void
> ++void
> + in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset)
> + {
> + u_short csum;
> +diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
> +index 70e487e..0d72b37 100644
> +--- a/sys/netinet6/ip6_var.h
> ++++ b/sys/netinet6/ip6_var.h
> +@@ -445,6 +445,7 @@ int rip6_usrreq(struct socket *,
> + int dest6_input(struct mbuf **, int *, int);
> + int none_input(struct mbuf **, int *, int);
> +
> ++void in6_delayed_cksum(struct mbuf *, uint32_t, u_short);
> + int in6_selectsrc(struct sockaddr_in6 *, struct ip6_pktopts *,
> + struct inpcb *inp, struct route_in6 *, struct ucred *cred,
> + struct ifnet **, struct in6_addr *);
> diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
> -index 6bc7ce6..2ceaf0e 100644
> +index a76d06e..257fae2 100644
> --- a/sys/netpfil/pf/pf.c
> +++ b/sys/netpfil/pf/pf.c
> -@@ -343,11 +343,9 @@ do { \
> +@@ -335,11 +335,9 @@ do { \
> } \
> if ((d) == PF_OUT && \
> (((s)->rule.ptr->rt == PF_ROUTETO && \
> @@ -17,7 +42,7 @@ index 6bc7ce6..2ceaf0e 100644
> return (PF_PASS); \
> } while (0)
>
> -@@ -5888,7 +5886,12 @@ pf_route(struct mbuf **m, struct pf_rule *r,
> int dir, struct ifnet *oifp,
> +@@ -5646,7 +5644,12 @@ pf_route(struct mbuf **m, struct pf_rule *r,
> int dir, struct ifnet *oifp,
> else if (r->rt == PF_ROUTETO && r->direction == dir &&
> in_localip(ip->ip_dst))
> return;
>
> @@ -31,7 +56,7 @@ index 6bc7ce6..2ceaf0e 100644
> if (in_broadcast(ip->ip_dst, oifp)) /* XXX: LOCKING of address
> list?! */
> return;
>
> -@@ -6127,7 +6130,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r,
> int dir, struct ifnet *oifp,
> +@@ -5885,7 +5888,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r,
> int dir, struct ifnet *oifp,
> } else if (r->rt == PF_ROUTETO && r->direction == dir &&
> in6_localaddr(&ip6->ip6_dst))
> return;
>
> @@ -45,3 +70,31 @@ index 6bc7ce6..2ceaf0e 100644
>
> if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL &&
> r->direction == PF_OUT && r->direction == dir &&
> pd->pf_mtag->routed < 2) {
> +diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
> +index dbd92f9..621a4f5 100644
> +--- a/sys/netpfil/pf/pf_ioctl.c
> ++++ b/sys/netpfil/pf/pf_ioctl.c
> +@@ -72,6 +72,7 @@ __FBSDID("$FreeBSD$");
> + #include <netinet/in.h>
> + #include <netinet/ip.h>
> + #include <netinet/ip_var.h>
> ++#include <netinet6/ip6_var.h>
> + #include <netinet/ip_icmp.h>
> +
> + #ifdef INET6
> +@@ -3690,12 +3691,9 @@ pf_check6_out(void *arg, struct mbuf **m,
> struct ifnet *ifp, int dir,
> + int chk;
> +
> + /* We need a proper CSUM before we start (s. OpenBSD ip_output) */
> +- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
> +-#ifdef INET
> +- /* XXX-BZ copy&paste error from r126261? */
> +- in_delayed_cksum(*m);
> +-#endif
> +- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
> ++ if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) {
> ++ in6_delayed_cksum(*m, (*m)->m_pkthdr.len - sizeof(struct ip6_hdr),
> sizeof(struct ip6_hdr));
> ++ (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6;
> + }
> + CURVNET_SET(ifp->if_vnet);
> + chk = pf_test6(PF_OUT, ifp, m, inp);
>
>
> On Wed, Nov 5, 2014 at 3:29 PM, <bugzilla-noreply@freebsd.org> wrote:
>
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=172648
>>
>> Kurt Jaeger <pi@FreeBSD.org> changed:
>>
>> What |Removed |Added
>>
>> ----------------------------------------------------------------------------
>> CC| |pi@FreeBSD.org
>>
>> --- Comment #3 from Kurt Jaeger <pi@FreeBSD.org> ---
>> See
>>
>> https://lists.freebsd.org/pipermail/freebsd-net/2014-November/040319.html
>>
>> --
>> You are receiving this mail because:
>> You are the assignee for the bug.
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48fa06babb4c371b69c8e3bb2a3e1cd3>