Date: Tue, 27 Aug 2002 13:47:07 +0930 From: Ian West <ian@niw.com.au> To: Luigi Rizzo <luigi@info.iet.unipi.it> Cc: freebsd-net@FreeBSD.ORG Subject: Re: local fwd and ipfw2 on stable problem with port byte order. Message-ID: <20020827041707.GT499@axiom.niw.com.au> In-Reply-To: <20020826205758.B16932@iguana.icir.org> References: <20020827013158.GO499@axiom.niw.com.au> <20020826205758.B16932@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I was concerned about getting ipfw userland and kernel out of sync. As far as I can tell there are two lines in ip_fw.c (kernel) that would need to be changed, and two lines in ipfw.c (userland) they seem to work for me here. The risk is though that a kernel update only without userland could actually introduce the problem into ipfw1 that we are trying fix in ipfw2. I can forward also the patches for these if you like ? On Mon, Aug 26, 2002 at 08:57:58PM -0700, Luigi Rizzo wrote: > If we are going to do this, i'd remove the conditional > below (anyways it should be htons() in the ipfw1 case, as you > mentioned) and instead update sbin/ipfw/ipfw.c on -stable > to put the port number in network format. > > cheers > luigi > > On Tue, Aug 27, 2002 at 11:01:58AM +0930, Ian West wrote: > > There is a small problem with ipfw2 running on -stable. The problem > > affects only the fwd command with a port number, such as the following > > > > ipfw add fwd 127.0.0.1,2048 tcp from any to any in via dc0 > > > > The problem is that port is already in network byte order when it > > arrives in next_hop->sin_port from ipfw2, but not from ipfw1. > > > > I think this may affect current as well, but I am not certain and have > > not tested it. > > > > The simplest patch seems to be the following, which bypasses the extra > > ntohs if IPFW2 is in use, otherwise it leaves it unchanged. This may or > > may not be a good solution :) My thinking is that the ipfw2 method has > > one less byte swap in the important packet handling code, and stores the > > port number in network byte order in the socket struct, all of which > > seems like a good idea. For these reasons a small change to tcp_input > > seems better than changes to ipfw2 ? > > > > Index: tcp_input.c > > =================================================================== > > RCS file: /cvs/freebsd/src/sys/netinet/tcp_input.c,v > > retrieving revision 1.107.2.27 > > diff -u -r1.107.2.27 tcp_input.c > > --- tcp_input.c 24 Aug 2002 18:40:25 -0000 1.107.2.27 > > +++ tcp_input.c 27 Aug 2002 00:45:29 -0000 > > @@ -536,7 +536,11 @@ > > inp = in_pcblookup_hash(&tcbinfo, > > ip->ip_src, th->th_sport, > > next_hop->sin_addr, > > +#if IPFW2 > > + next_hop->sin_port, 1, > > +#else > > ntohs(next_hop->sin_port), 1, > > +#endif > > m->m_pkthdr.rcvif); > > } > > } > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-net" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020827041707.GT499>