From owner-p4-projects@FreeBSD.ORG  Wed Mar 26 23:59:17 2008
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 5DDF81065675; Wed, 26 Mar 2008 23:59:17 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 035F2106564A
	for <perforce@freebsd.org>; Wed, 26 Mar 2008 23:59:17 +0000 (UTC)
	(envelope-from piso@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id E95468FC16
	for <perforce@freebsd.org>; Wed, 26 Mar 2008 23:59:16 +0000 (UTC)
	(envelope-from piso@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m2QNxGRC009872
	for <perforce@freebsd.org>; Wed, 26 Mar 2008 23:59:16 GMT
	(envelope-from piso@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m2QNxGWd009870
	for perforce@freebsd.org; Wed, 26 Mar 2008 23:59:16 GMT
	(envelope-from piso@freebsd.org)
Date: Wed, 26 Mar 2008 23:59:16 GMT
Message-Id: <200803262359.m2QNxGWd009870@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	piso@freebsd.org using -f
From: Paolo Pisati <piso@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 138687 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Mar 2008 23:59:17 -0000

http://perforce.freebsd.org/chv.cgi?CH=138687

Change 138687 by piso@piso_newluxor on 2008/03/26 23:59:16

	Pullup the data before using it.

Affected files ...

.. //depot/projects/soc2005/libalias/sys/netinet/ip_fw_nat.c#3 edit

Differences ...

==== //depot/projects/soc2005/libalias/sys/netinet/ip_fw_nat.c#3 (text+ko) ====

@@ -245,18 +245,16 @@
 static int
 ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
 {
-	struct mbuf *mcl;
 	struct ip *ip;
 	/* XXX - libalias duct tape */
 	int ldt, retval;
-	char *c;
 
 	ldt = 0;
 	retval = 0;
-	if ((mcl = m_pullup(m, sizeof(struct ip))) ==
+	if ((m = m_pullup(m, sizeof(struct ip))) ==
 	    NULL)
 		goto badnat;
-	ip = mtod(mcl, struct ip *);
+	ip = mtod(m, struct ip *);
 	if (args->eh == NULL) {
 		ip->ip_len = htons(ip->ip_len);
 		ip->ip_off = htons(ip->ip_off);
@@ -310,27 +308,34 @@
 	 * it can handle delayed checksum and tso)
 	 */
 
-	if (mcl->m_pkthdr.rcvif == NULL && 
-	    mcl->m_pkthdr.csum_flags & 
+	if (m->m_pkthdr.rcvif == NULL && 
+	    m->m_pkthdr.csum_flags & 
 	    CSUM_DELAY_DATA)
 		ldt = 1;
 
-	c = mtod(mcl, char *);
 	if (args->oif == NULL)
-		retval = LibAliasIn(t->lib, &mcl, 
-				    MCLBYTES);
+		retval = LibAliasIn(t->lib, &m,
+		    MCLBYTES);
 	else
-		retval = LibAliasOut(t->lib, &mcl, 
-				     MCLBYTES);
+		retval = LibAliasOut(t->lib, &m,
+		    MCLBYTES);
 	if (retval != PKT_ALIAS_OK) {
+		printf("retval: ");
 		/* XXX - should i add some logging? */
-		m_free(mcl);
+		m_free(m);
 	badnat:
+		printf("badnat ");
+		if (args->oif == NULL)
+			printf("LibAliasIn");
+		else
+			printf("LibAliasOut");
+		printf("\n");
 		args->m = NULL;
 		return (IP_FW_DENY);
 	}
-	mcl->m_pkthdr.len = mcl->m_len = 
-	    ntohs(ip->ip_len);
+	m = m_pullup(m, sizeof(struct ip));
+	ip = mtod(m, struct ip *);
+	m->m_pkthdr.len = ntohs(ip->ip_len);
 
 	/* 
 	 * XXX - libalias checksum offload 
@@ -341,6 +346,10 @@
 	    ip->ip_p == IPPROTO_TCP) {
 		struct tcphdr 	*th; 
 
+		if ((m = m_pullup(m, (ip->ip_hl << 2) +
+			sizeof(struct tcphdr))) == NULL)
+			goto badnat;
+		ip = mtod(m, struct ip *);
 		th = (struct tcphdr *)(ip + 1);
 		if (th->th_x2) 
 			ldt = 1;
@@ -360,6 +369,9 @@
 					
 		switch (ip->ip_p) {
 		case IPPROTO_TCP:
+			if ((m = m_pullup(m, (ip->ip_hl << 2) + sizeof(struct tcphdr))) == NULL)
+				goto badnat;
+			ip = mtod(m, struct ip *);
 			th = (struct tcphdr *)(ip + 1);
 			/* 
 			 * Maybe it was set in 
@@ -367,13 +379,16 @@
 			 */
 			th->th_x2 = 0;
 			th->th_sum = cksum;
-			mcl->m_pkthdr.csum_data = 
+			m->m_pkthdr.csum_data = 
 			    offsetof(struct tcphdr, th_sum);
 			break;
 		case IPPROTO_UDP:
+			    if ((m = m_pullup(m, (ip->ip_hl << 2) + sizeof(struct udphdr))) == NULL)
+				goto badnat;
+			ip = mtod(m, struct ip *);
 			uh = (struct udphdr *)(ip + 1);
 			uh->uh_sum = cksum;
-			mcl->m_pkthdr.csum_data = 
+			m->m_pkthdr.csum_data = 
 			    offsetof(struct udphdr, uh_sum);
 			break;						
 		}
@@ -381,10 +396,10 @@
 		 * No hw checksum offloading: do it 
 		 * by ourself. 
 		 */
-		if ((mcl->m_pkthdr.csum_flags & 
+		if ((m->m_pkthdr.csum_flags & 
 		     CSUM_DELAY_DATA) == 0) {
-			in_delayed_cksum(mcl);
-			mcl->m_pkthdr.csum_flags &= 
+			in_delayed_cksum(m);
+			m->m_pkthdr.csum_flags &= 
 			    ~CSUM_DELAY_DATA;
 		}
 		ip->ip_len = htons(ip->ip_len);
@@ -395,7 +410,7 @@
 		ip->ip_off = ntohs(ip->ip_off);
 	}
 
-	args->m = mcl;
+	args->m = m;
 	return (IP_FW_NAT);
 }