Date: Fri, 14 Nov 2014 11:34:40 +0100 From: Ilya Bakulin <ilya@bakulin.de> To: =?UTF-8?Q?Ermal_Lu=C3=A7i?= <eri@freebsd.org> Cc: owner-freebsd-pf@freebsd.org, bugzilla-noreply@freebsd.org, freebsd-pf@freebsd.org Subject: Re: [Bug 172648] [pf] [ip6]: 'scrub reassemble tcp' breaks IPv6 packet checksum on SYN ACK Message-ID: <48fa06babb4c371b69c8e3bb2a3e1cd3@mail.bakulin.de> In-Reply-To: <CAPBZQG100NL9-XSFR6zzacuq27g1jDnhrfCM_pTHzSfC_uZiGQ@mail.gmail.com> References: <bug-172648-17777@https.bugs.freebsd.org/bugzilla/> <bug-172648-17777-zy8ppFf4Pk@https.bugs.freebsd.org/bugzilla/> <CAPBZQG100NL9-XSFR6zzacuq27g1jDnhrfCM_pTHzSfC_uZiGQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Ermal, unfortunately your inline patch seems to be broken, actually it is a patch for patch??? Please send a correct copy. On 2014-11-10 09:46, Ermal Luçi wrote: > Give this patch inline a try: > > --- a/patches/releng/10.1/pf_reply-to.enahnce.diff > +++ b/patches/releng/10.1/pf_reply-to.enahnce.diff > @@ -1,8 +1,33 @@ > +diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c > +index 837b617..b6c37a9 100644 > +--- a/sys/netinet6/ip6_output.c > ++++ b/sys/netinet6/ip6_output.c > +@@ -185,7 +185,7 @@ static int copypktopts(struct ip6_pktopts *, > struct ip6_pktopts *, int); > + }\ > + } while (/*CONSTCOND*/ 0) > + > +-static void > ++void > + in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset) > + { > + u_short csum; > +diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h > +index 70e487e..0d72b37 100644 > +--- a/sys/netinet6/ip6_var.h > ++++ b/sys/netinet6/ip6_var.h > +@@ -445,6 +445,7 @@ int rip6_usrreq(struct socket *, > + int dest6_input(struct mbuf **, int *, int); > + int none_input(struct mbuf **, int *, int); > + > ++void in6_delayed_cksum(struct mbuf *, uint32_t, u_short); > + int in6_selectsrc(struct sockaddr_in6 *, struct ip6_pktopts *, > + struct inpcb *inp, struct route_in6 *, struct ucred *cred, > + struct ifnet **, struct in6_addr *); > diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c > -index 6bc7ce6..2ceaf0e 100644 > +index a76d06e..257fae2 100644 > --- a/sys/netpfil/pf/pf.c > +++ b/sys/netpfil/pf/pf.c > -@@ -343,11 +343,9 @@ do { \ > +@@ -335,11 +335,9 @@ do { \ > } \ > if ((d) == PF_OUT && \ > (((s)->rule.ptr->rt == PF_ROUTETO && \ > @@ -17,7 +42,7 @@ index 6bc7ce6..2ceaf0e 100644 > return (PF_PASS); \ > } while (0) > > -@@ -5888,7 +5886,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, > int dir, struct ifnet *oifp, > +@@ -5646,7 +5644,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, > int dir, struct ifnet *oifp, > else if (r->rt == PF_ROUTETO && r->direction == dir && > in_localip(ip->ip_dst)) > return; > > @@ -31,7 +56,7 @@ index 6bc7ce6..2ceaf0e 100644 > if (in_broadcast(ip->ip_dst, oifp)) /* XXX: LOCKING of address > list?! */ > return; > > -@@ -6127,7 +6130,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, > int dir, struct ifnet *oifp, > +@@ -5885,7 +5888,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, > int dir, struct ifnet *oifp, > } else if (r->rt == PF_ROUTETO && r->direction == dir && > in6_localaddr(&ip6->ip6_dst)) > return; > > @@ -45,3 +70,31 @@ index 6bc7ce6..2ceaf0e 100644 > > if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL && > r->direction == PF_OUT && r->direction == dir && > pd->pf_mtag->routed < 2) { > +diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c > +index dbd92f9..621a4f5 100644 > +--- a/sys/netpfil/pf/pf_ioctl.c > ++++ b/sys/netpfil/pf/pf_ioctl.c > +@@ -72,6 +72,7 @@ __FBSDID("$FreeBSD$"); > + #include <netinet/in.h> > + #include <netinet/ip.h> > + #include <netinet/ip_var.h> > ++#include <netinet6/ip6_var.h> > + #include <netinet/ip_icmp.h> > + > + #ifdef INET6 > +@@ -3690,12 +3691,9 @@ pf_check6_out(void *arg, struct mbuf **m, > struct ifnet *ifp, int dir, > + int chk; > + > + /* We need a proper CSUM before we start (s. OpenBSD ip_output) */ > +- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { > +-#ifdef INET > +- /* XXX-BZ copy&paste error from r126261? */ > +- in_delayed_cksum(*m); > +-#endif > +- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; > ++ if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { > ++ in6_delayed_cksum(*m, (*m)->m_pkthdr.len - sizeof(struct ip6_hdr), > sizeof(struct ip6_hdr)); > ++ (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; > + } > + CURVNET_SET(ifp->if_vnet); > + chk = pf_test6(PF_OUT, ifp, m, inp); > > > On Wed, Nov 5, 2014 at 3:29 PM, <bugzilla-noreply@freebsd.org> wrote: > >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=172648 >> >> Kurt Jaeger <pi@FreeBSD.org> changed: >> >> What |Removed |Added >> >> ---------------------------------------------------------------------------- >> CC| |pi@FreeBSD.org >> >> --- Comment #3 from Kurt Jaeger <pi@FreeBSD.org> --- >> See >> >> https://lists.freebsd.org/pipermail/freebsd-net/2014-November/040319.html >> >> -- >> You are receiving this mail because: >> You are the assignee for the bug. >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48fa06babb4c371b69c8e3bb2a3e1cd3>