Date: Thu, 17 Oct 2013 17:09:53 GMT
From: "G. Paul Ziemba" <p-freebsd-bugs@ziemba.us>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/183065: ipfilter to/fastroute should use correct FIB
Message-ID: <201310171709.r9HH9rh3024465@oldred.freebsd.org>
Resent-Message-ID: <201310171710.r9HHA0An042251@freefall.freebsd.org>
>Number:         183065
>Category:       kern
>Synopsis:       ipfilter to/fastroute should use correct FIB
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 17 17:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     G. Paul Ziemba
>Release:        9.1
>Organization:
>Environment:
FreeBSD hairball.ziemba.us 9.1-STABLE FreeBSD 9.1-STABLE #10 r249454M: Mon Oct 7 23:27:47 PDT 2013 root@hairball:/usr/obj/usr/src/sys/GPZ-130412 amd64
>Description:
If you have an ipfilter rule using option "to <interface name>" such as:

    pass in log quick on em0.101 to dc0 from any to 192.168.0.0/24

and the interfaces in question have a non-default FIB associated with them, e.g.

dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80008<VLAN_MTU,LINKSTATE>
        ether 00:00:d1:1a:c0:e5
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        fib: 1

em0.101: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=103<RXCSUM,TXCSUM,TSO4>
        ether 00:30:48:dd:37:ac
        inet 10.126.0.1 netmask 0xffff0000 broadcast 10.126.255.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        fib: 1
        vlan: 101 parent interface: em0

then ipfilter wrongly looks up the destination in FIB 0.
>How-To-Repeat:
Configure ipfilter to use to/fastforward between interfaces using non-0 FIB.
>Fix:
Please see attached patch

Patch attached with submission follows:

--- /usr/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c.orig 2013-04-12 23:27:26.000000000 -0700 +++ /usr/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c 2013-10-06 23:19:59.000000000 -0700 
@@ -984,7 +984,7 @@ dst->sin_addr = fdp->fd_ip; dst->sin_len = sizeof(*dst); - in_rtalloc(ro, 0); + in_rtalloc(ro, M_GETFIB(m0)); if ((ifp == NULL) && (ro->ro_rt != NULL)) ifp = ro->ro_rt->rt_ifp; >Release-Note: >Audit-Trail: >Unformatted:
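Review bot: in_rtalloc(ro, M_GETFIB(m0)) takes the FIB from the packet's mbuf rather than from the interface named in the rule's "to" option, and the report only exercises the case where em0.101 and dc0 are both in fib 1. Please say, in the commit message or in a one-line comment above the call, which FIB is intended when the packet's FIB and the target interface's FIB differ, since the route found here supplies ifp only when ifp == NULL. It would also help to confirm that m0 still carries its original FIB tag at this point in the function, as nothing in the hunk shows how m0 is handled before the lookup.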