From: Qing Li
Date: Fri, 12 Mar 2010 10:24:59 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r205077 - head/sys/net

Author: qingli
Date: Fri Mar 12 10:24:58 2010
New Revision: 205077
URL: http://svn.freebsd.org/changeset/base/205077

Log:
  The flow-table module retrieves the destination and source address as well as the transport protocol port information from the outbound packets. The routing code is generic and compares every byte in the given sockaddr object. Therefore the temporary sockaddr objects must be cleared due to padding bytes. In addition, the port information must be stripped or the route search will either fail or return the incorrect route entry.

  Unit testing is done using OpenVPN over the if_tun interface.

  MFC after: 7 days

Modified:
  head/sys/net/flowtable.c

Modified: head/sys/net/flowtable.c ============================================================================== --- head/sys/net/flowtable.c Fri Mar 12 10:01:06 2010 (r205076) +++ head/sys/net/flowtable.c Fri Mar 12 10:24:58 2010 (r205077) @@ -593,6 +593,8 @@ flowtable_lookup_mbuf4(struct flowtable dsin = (struct sockaddr_in *)&dsa; ssin = (struct sockaddr_in *)&ssa; + bzero(dsin, sizeof(*dsin)); + bzero(ssin, sizeof(*ssin)); flags = ft->ft_flags; if (ipv4_mbuf_demarshal(ft, m, ssin, dsin, &flags) != 0) return (NULL); 
@@ -796,6 +798,8 @@ flowtable_lookup_mbuf6(struct flowtable dsin6 = (struct sockaddr_in6 *)&dsa; ssin6 = (struct sockaddr_in6 *)&ssa; + bzero(dsin6, sizeof(*dsin6)); + bzero(ssin6, sizeof(*ssin6)); flags = ft->ft_flags; if (ipv6_mbuf_demarshal(ft, m, ssin6, dsin6, &flags) != 0) @@ -1088,6 +1092,14 @@ flowtable_lookup(struct flowtable *ft, s ro = &sro; memcpy(&ro->ro_dst, dsa, sizeof(struct sockaddr_in)); + /* + * The harvested source and destination addresses + * may contain port information if the packet is + * from a transport protocol (e.g. TCP/UDP). The + * port field must be cleared before performing + * a route lookup. + */ + ((struct sockaddr_in *)&ro->ro_dst)->sin_port = 0; dsin = (struct sockaddr_in *)dsa; ssin = (struct sockaddr_in *)ssa; if ((dsin->sin_addr.s_addr == ssin->sin_addr.s_addr) || @@ -1105,6 +1117,7 @@ flowtable_lookup(struct flowtable *ft, s ro = (struct route *)&sro6; memcpy(&sro6.ro_dst, dsa, sizeof(struct sockaddr_in6)); + ((struct sockaddr_in6 *)&ro->ro_dst)->sin6_port = 0; dsin6 = (struct sockaddr_in6 *)dsa; ssin6 = (struct sockaddr_in6 *)ssa;
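
Review bot: in the flowtable_lookup_mbuf4 hunk, bzero(dsin, sizeof(*dsin)) clears only sizeof(struct sockaddr_in) bytes through the cast pointer, and the declared type of dsa and ssa is not visible in the hunk. If those temporaries are larger than struct sockaddr_in, the tail stays uninitialized; bzero(&dsa, sizeof(dsa)) and bzero(&ssa, sizeof(ssa)) would clear the whole objects regardless of the cast. A one-line comment saying that the route lookup compares every byte would also keep the reason next to the code instead of only in the commit log.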
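
Review bot: the flowtable_lookup_mbuf6 hunk repeats the call-site zeroing from flowtable_lookup_mbuf4, so any other caller of ipv6_mbuf_demarshal or ipv4_mbuf_demarshal has to remember to clear its sockaddrs as well. Consider clearing ssin6 and dsin6 (and ssin and dsin) at the top of the demarshal functions, or documenting in their header comments that the caller must pass zeroed structures.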
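
Review bot: in the IPv4 branch of flowtable_lookup, only sin_port is cleared after memcpy(&ro->ro_dst, dsa, sizeof(struct sockaddr_in)), so any non-zero padding in the caller's dsa is still copied into the lookup key. The commit log says the routing code compares every byte, so a caller that did not zero its sockaddr would still get a failed or wrong lookup. Either state that requirement in the function's comment, or build ro_dst from a zeroed structure and copy in only the family, length and address.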
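
Review bot: in the IPv6 branch of flowtable_lookup, the port is cleared through ((struct sockaddr_in6 *)&ro->ro_dst) while the memcpy one line above writes to sro6.ro_dst, so the store reaches the copied address only because ro aliases &sro6 through the cast to struct route *. Clearing the field on sro6.ro_dst directly would match the memcpy and would not depend on the two route structures sharing a layout. The explanatory comment added in the IPv4 branch is also missing here; a short reference to it would do.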
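
The failure mode the commit log describes, as an added example that is not part of the commit or of FreeBSD's code: a byte-wise comparison stands in for the generic route lookup, and it shows that both the zeroing and the port strip are needed. The names table_init, route_match, demarshal and lookup_demo, the address 10.0.0.1 and port 1194 are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

/* Constructed one-entry "routing table": the key is a fully zeroed
 * sockaddr_in holding only family and address. */
static struct sockaddr_in route_key;

static void table_init(void)
{
    memset(&route_key, 0, sizeof(route_key));
    route_key.sin_family = AF_INET;
    route_key.sin_addr.s_addr = htonl(0x0a000001);   /* 10.0.0.1 */
}

/* Generic lookup: compares every byte of the key, padding included. */
static int route_match(const struct sockaddr_in *key)
{
    return memcmp(key, &route_key, sizeof(route_key)) == 0;
}

/* Fill in address and port the way a packet demarshal step would:
 * it sets only the fields it knows about and leaves the rest alone. */
static void demarshal(struct sockaddr_in *sin, uint32_t addr, uint16_t port)
{
    sin->sin_family = AF_INET;
    sin->sin_addr.s_addr = htonl(addr);
    sin->sin_port = htons(port);
}

/* Returns 1 if the lookup finds the route. 'clear' zeroes the temporary
 * before demarshalling; 'strip_port' zeroes sin_port before the lookup. */
int lookup_demo(int clear, int strip_port)
{
    struct sockaddr_in tmp;

    table_init();
    memset(&tmp, 0xA5, sizeof(tmp));      /* simulate stale stack bytes */
    if (clear)
        memset(&tmp, 0, sizeof(tmp));
    demarshal(&tmp, 0x0a000001, 1194);    /* constructed packet fields */
    if (strip_port)
        tmp.sin_port = 0;
    return route_match(&tmp);
}
```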