Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 12 Mar 2010 10:24:59 +0000 (UTC)
From:      Qing Li <qingli@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r205077 - head/sys/net
Message-ID:  <201003121024.o2CAOxUv069047@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: qingli
Date: Fri Mar 12 10:24:58 2010
New Revision: 205077
URL: http://svn.freebsd.org/changeset/base/205077

Log:
  The flow-table module retrieves the destination and source
  address as well as the transport protocol port information
  from the outbound packets. The routing code is generic and
  compares every byte in the given sockaddr object. Therefore
  the temporary sockaddr objects must be cleared due to padding
  bytes. In addition, the port information must be stripped
  or the route search will either fail or return the incorrect
  route entry.
  
  Unit testing is done using OpenVPN over the if_tun interface.
  
  MFC after:	7 days

Modified:
  head/sys/net/flowtable.c

Modified: head/sys/net/flowtable.c
==============================================================================
--- head/sys/net/flowtable.c	Fri Mar 12 10:01:06 2010	(r205076)
+++ head/sys/net/flowtable.c	Fri Mar 12 10:24:58 2010	(r205077)
@@ -593,6 +593,8 @@ flowtable_lookup_mbuf4(struct flowtable 
 
 	dsin = (struct sockaddr_in *)&dsa;
 	ssin = (struct sockaddr_in *)&ssa;
+	bzero(dsin, sizeof(*dsin));
+	bzero(ssin, sizeof(*ssin));
 	flags = ft->ft_flags;
 	if (ipv4_mbuf_demarshal(ft, m, ssin, dsin, &flags) != 0)
 		return (NULL);
@@ -796,6 +798,8 @@ flowtable_lookup_mbuf6(struct flowtable 
 
 	dsin6 = (struct sockaddr_in6 *)&dsa;
 	ssin6 = (struct sockaddr_in6 *)&ssa;
+	bzero(dsin6, sizeof(*dsin6));
+	bzero(ssin6, sizeof(*ssin6));
 	flags = ft->ft_flags;
 	
 	if (ipv6_mbuf_demarshal(ft, m, ssin6, dsin6, &flags) != 0)
@@ -1088,6 +1092,14 @@ flowtable_lookup(struct flowtable *ft, s
 
 		ro = &sro;
 		memcpy(&ro->ro_dst, dsa, sizeof(struct sockaddr_in));
+		/*
+		 * The harvested source and destination addresses
+		 * may contain port information if the packet is 
+		 * from a transport protocol (e.g. TCP/UDP). The 
+		 * port field must be cleared before performing 
+		 * a route lookup.
+		 */
+		((struct sockaddr_in *)&ro->ro_dst)->sin_port = 0;
 		dsin = (struct sockaddr_in *)dsa;
 		ssin = (struct sockaddr_in *)ssa;
 		if ((dsin->sin_addr.s_addr == ssin->sin_addr.s_addr) ||
@@ -1105,6 +1117,7 @@ flowtable_lookup(struct flowtable *ft, s
 		ro = (struct route *)&sro6;
 		memcpy(&sro6.ro_dst, dsa,
 		    sizeof(struct sockaddr_in6));
+		((struct sockaddr_in6 *)&ro->ro_dst)->sin6_port = 0;
 		dsin6 = (struct sockaddr_in6 *)dsa;
 		ssin6 = (struct sockaddr_in6 *)ssa;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003121024.o2CAOxUv069047>