Date: Mon, 26 Aug 2002 21:40:53 -0700
From: Luigi Rizzo <luigi@info.iet.unipi.it>
To: Ian West <ian@niw.com.au>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: local fwd and ipfw2 on stable problem with port byte order.
Message-ID: <20020826214052.A17350@iguana.icir.org>
In-Reply-To: <20020827041707.GT499@axiom.niw.com.au>; from ian@niw.com.au on Tue, Aug 27, 2002 at 01:47:07PM +0930
References: <20020827013158.GO499@axiom.niw.com.au> <20020826205758.B16932@iguana.icir.org> <20020827041707.GT499@axiom.niw.com.au>

On Tue, Aug 27, 2002 at 01:47:07PM +0930, Ian West wrote:
> I was concerned about getting ipfw userland and kernel out of sync. As
> far as I can tell there are two lines in ip_fw.c (kernel) that would
> need to be changed, and two lines in ipfw.c (userland) they seem to work
> for me here. The risk is though that a kernel update only without
> userland could actually introduce the problem into ipfw1 that we are
> trying fix in ipfw2. I can forward also the patches for these if you
> like ?

yes please -- i think it is worse to have ipfw1 and ipfw2
behave differently. If we want to save the modification to
ipfw1 we can just change ipfw2 (userland) to adopt the unusual/wrong
representation of the port number used by ipfw1.

cheers
luigi

> On Mon, Aug 26, 2002 at 08:57:58PM -0700, Luigi Rizzo wrote:
> > If we are going to do this, i'd remove the conditional
> > below (anyways it should be htons() in the ipfw1 case, as you
> > mentioned) and instead update sbin/ipfw/ipfw.c on -stable
> > to put the port number in network format.
> >
> > cheers
> > luigi
> >
> > On Tue, Aug 27, 2002 at 11:01:58AM +0930, Ian West wrote:
> > > There is a small problem with ipfw2 running on -stable. The problem
> > > affects only the fwd command with a port number, such as the following
> > >
> > > ipfw add fwd 127.0.0.1,2048 tcp from any to any in via dc0
> > >
> > > The problem is that port is already in network byte order when it
> > > arrives in next_hop->sin_port from ipfw2, but not from ipfw1.
> > >
> > > I think this may affect current as well, but I am not certain and have
> > > not tested it.
> > >
> > > The simplest patch seems to be the following, which bypasses the extra
> > > ntohs if IPFW2 is in use, otherwise it leaves it unchanged.
> > > This may or may not be a good solution :) My thinking is that the
> > > ipfw2 method has one less byte swap in the important packet handling
> > > code, and stores the port number in network byte order in the socket
> > > struct, all of which seems like a good idea. For these reasons a small
> > > change to tcp_input seems better than changes to ipfw2 ?
> > >
> > > Index: tcp_input.c > > > =================================================================== > > > RCS file: /cvs/freebsd/src/sys/netinet/tcp_input.c,v > > > retrieving revision 1.107.2.27 > > > diff -u -r1.107.2.27 tcp_input.c > > > --- tcp_input.c 24 Aug 2002 18:40:25 -0000 1.107.2.27 > > > +++ tcp_input.c 27 Aug 2002 00:45:29 -0000 > > > @@ -536,7 +536,11 @@ > > > inp = in_pcblookup_hash(&tcbinfo, > > > ip->ip_src, th->th_sport, > > > next_hop->sin_addr, > > > +#if IPFW2 > > > + next_hop->sin_port, 1, > > > +#else > > > ntohs(next_hop->sin_port), 1, > > > +#endif > > > m->m_pkthdr.rcvif); > > > } > > > }
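
Review bot: The #if IPFW2 / #else pair around the port argument to in_pcblookup_hash() leaves the byte order of next_hop->sin_port undocumented and dependent on a compile-time option, so nothing at this call site catches a userland ipfw binary that stores the port in the other representation; the lookup would then run against the byte-swapped port. Settling on one convention for sin_port in both ipfw1 and ipfw2 userland would let the conditional go, which is the direction the reply above suggests. If the conditional stays, add a comment saying which order each branch expects, and in the #else branch use htons() rather than ntohs(), since the value is being converted from host to network order for the lookup (the thread makes the same point).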
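
The mismatch discussed in this thread, as an added example that is not part of the original messages or of the FreeBSD sources: it pairs each userland storage convention with each kernel-side handling and shows which combinations find the listener. The functions lookup_key(), fwd_lookup() and effective_port() are hypothetical stand-ins for the path around in_pcblookup_hash(), assumed here to match ports in network byte order.

```c
/* Added example, not code from the thread. lookup_key(), fwd_lookup() and
 * effective_port() are hypothetical stand-ins for the tcp_input.c path
 * around in_pcblookup_hash(), assumed to match ports in network order. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Value that reaches the lookup for a given userland/kernel pairing.
 * userland_net: 1 = sin_port stored in network order (ipfw2 in the thread),
 *               0 = stored in host order (ipfw1 in the thread).
 * kernel_swap:  1 = kernel applies ntohs() first (the #else branch),
 *               0 = kernel passes sin_port through (the #if IPFW2 branch). */
static uint16_t lookup_key(int userland_net, int kernel_swap, uint16_t port)
{
    uint16_t sin_port = userland_net ? htons(port) : port;
    return kernel_swap ? ntohs(sin_port) : sin_port;
}

/* 1 if a listener bound to `port` is found, 0 if the lookup misses it. */
int fwd_lookup(int userland_net, int kernel_swap, uint16_t port)
{
    return lookup_key(userland_net, kernel_swap, port) == htons(port);
}

/* Port number, in host order, that the lookup actually searches for. */
uint16_t effective_port(int userland_net, int kernel_swap, uint16_t port)
{
    return ntohs(lookup_key(userland_net, kernel_swap, port));
}

int main(void)
{
    const uint16_t port = 2048;   /* from the fwd rule quoted in the thread */
    for (int u = 0; u <= 1; u++)
        for (int k = 0; k <= 1; k++)
            printf("userland=%s kernel=%s -> searches port %u, %s\n",
                   u ? "network" : "host", k ? "ntohs" : "pass-through",
                   (unsigned)effective_port(u, k, port),
                   fwd_lookup(u, k, port) ? "hit" : "miss");
    return 0;
}
```

On a little-endian host the two mismatched pairings search for port 8 instead of 2048; a port whose two bytes are equal, such as 257, hits in every pairing, so testing with such a port would hide the problem.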