From owner-freebsd-pf@FreeBSD.ORG Wed May 23 20:14:51 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 56981106564A for ; Wed, 23 May 2012 20:14:51 +0000 (UTC) (envelope-from dhartmei@insomnia.benzedrine.cx) Received: from insomnia.benzedrine.cx (106-30.3-213.fix.bluewin.ch [213.3.30.106]) by mx1.freebsd.org (Postfix) with ESMTP id 220158FC15 for ; Wed, 23 May 2012 20:14:48 +0000 (UTC) Received: from insomnia.benzedrine.cx (localhost.benzedrine.cx [127.0.0.1]) by insomnia.benzedrine.cx (8.14.1/8.13.4) with ESMTP id q4NKEg0q030854 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO); Wed, 23 May 2012 22:14:42 +0200 (MEST) Received: (from dhartmei@localhost) by insomnia.benzedrine.cx (8.14.1/8.12.10/Submit) id q4NKEgpk024784; Wed, 23 May 2012 22:14:42 +0200 (MEST) Date: Wed, 23 May 2012 22:14:42 +0200 
From: Daniel Hartmeier To: Joerg Pulz Message-ID: <20120523201442.GG29536@insomnia.benzedrine.cx> References: <201205231950.q4NJo4m1088701@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201205231950.q4NJo4m1088701@freefall.freebsd.org> User-Agent: Mutt/1.5.12-2006-07-14 Cc: freebsd-pf@freebsd.org Subject: Re: kern/168190: [pf] panic when using pf and route-to (maybe: bad fragment handling?) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 May 2012 20:14:51 -0000 On Wed, May 23, 2012 at 07:50:04PM +0000, Joerg Pulz wrote: > system was running for about a day with your patch with many users using > it. It panic'ed some minutes ago. > System configuration is still the same, no other patches, no changed > interface settings or removed/changed kernel options. > > Here is the kgdb(1) output with "m" and "ifp" listed. > I hope this helps to get closer to the source of the problem. > > Let me know if you need more output. Great, that should bring us closer to the cause! I'd say one of the pfil hooks is leaving the mbuf in the wrong byte order. You have ipfilter and ipfw compiled into the kernel, but are their modules loaded? I extended the patch to add more checks, in ipfilter and ipfw as well, if you can run this up to another panic, we might clearly identify the responsible hook. I'll study the trace in the meantime, maybe more can be deduced already :) Kind regards, Daniel Index: sys/sys/mbuf.h =================================================================== RCS file: /home/ncvs/src/sys/sys/mbuf.h,v retrieving revision 1.242.2.1 diff -u -r1.242.2.1 mbuf.h --- sys/sys/mbuf.h 23 Sep 2011 00:51:37 -0000 1.242.2.1 +++ sys/sys/mbuf.h 23 May 2012 06:50:14 -0000 
@@ -824,6 +824,22 @@ /* Compatibility with 4.3. */ #define m_copy(m, o, l) m_copym((m), (o), (l), M_DONTWAIT) +#define ASSERT_NET_BYTE_ORDER(m) do { \ + struct ip *ip = mtod((m), struct ip *); \ + if (ip->ip_len != htons(ip->ip_len) && \ + ip->ip_len == (m)->m_pkthdr.len) \ + panic("%s:%d ASSERT_NET_BYTE_ORDER %d %d", __func__, \ + __LINE__, (int)ip->ip_len, (int)htons(ip->ip_len)); \ +} while(0) + +#define ASSERT_HOST_BYTE_ORDER(m) do { \ + struct ip *ip = mtod((m), struct ip *); \ + if (ip->ip_len != htons(ip->ip_len) && \ + ntohs(ip->ip_len) == (m)->m_pkthdr.len) \ + panic("%s:%d ASSERT_HOST_BYTE_ORDER %d %d", __func__, \ + __LINE__, (int)ip->ip_len, (int)htons(ip->ip_len)); \ +} while(0) + extern int max_datalen; /* MHLEN - max_hdr */ extern int max_hdr; /* Largest link + protocol header */ extern int max_linkhdr; /* Largest link-level header */ Index: sys/contrib/ipfilter/netinet/fil.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/fil.c,v retrieving revision 1.57.4.1 diff -u -r1.57.4.1 fil.c --- sys/contrib/ipfilter/netinet/fil.c 23 Sep 2011 00:51:37 -0000 1.57.4.1 +++ sys/contrib/ipfilter/netinet/fil.c 23 May 2012 13:49:39 -0000 @@ -2445,6 +2445,7 @@ fin->fin_qpi = qpi; # else /* MENTAT */ + ASSERT_HOST_BYTE_ORDER(*mp); m = *mp; # if defined(M_MCAST) @@ -2519,6 +2520,7 @@ #endif } + ASSERT_HOST_BYTE_ORDER(m); if (fr_makefrip(hlen, ip, fin) == -1) { pass = FR_BLOCK|FR_NOMATCH; goto finished; @@ -2784,6 +2786,8 @@ ip->ip_off = ntohs(ip->ip_off); } # endif + if (*mp != NULL) + ASSERT_HOST_BYTE_ORDER(*mp); return (FR_ISPASS(pass)) ? 0 : fin->fin_error; #else /* _KERNEL */ FR_VERBOSE(("fin_flx %#x pass %#x ", fin->fin_flx, pass)); 
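Review bot: Both macros in the sys/sys/mbuf.h hunk dereference `mtod((m), struct ip *)` and compare `ip_len` with `m_pkthdr.len` without first confirming that the first mbuf holds a complete IPv4 header, so at call sites that also see other traffic the panic condition is evaluated on bytes that are not `ip_len`. The generic hook loop in sys/net/pfil.c, the assertion at line 942 of ip_fw2.c and the first two assertions in ip_fw_pfil.c appear to run without such a test, although the ip_fw_pfil.c context lines show the surrounding code guarding its own conversion with `if (mtod(*m0, struct ip *)->ip_v == 4)`. I would put the guard into the macro itself, `if ((m)->m_len >= (int)sizeof(struct ip) && ip->ip_v == 4 && ...`, so every call site inherits it. A comment above the definitions should also say that the test is a heuristic: it never fires where `htons()` is the identity, and it cannot flag a length whose two bytes are equal.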
@@ -2955,6 +2959,7 @@ #ifdef USE_INET6 if (IP_V(ip) == 4) { #endif + ASSERT_HOST_BYTE_ORDER(m); hlen = IP_HL(ip) << 2; slen = l3len - hlen; sum = htons((u_short)l4proto); Index: sys/contrib/ipfilter/netinet/ip_fil_freebsd.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c,v retrieving revision 1.20.4.1 diff -u -r1.20.4.1 ip_fil_freebsd.c --- sys/contrib/ipfilter/netinet/ip_fil_freebsd.c 23 Sep 2011 00:51:37 -0000 1.20.4.1 +++ sys/contrib/ipfilter/netinet/ip_fil_freebsd.c 23 May 2012 06:33:23 -0000 @@ -183,6 +183,7 @@ fr_check_wrapper(void *arg, struct mbuf **mp, struct ifnet *ifp, int dir) { struct ip *ip = mtod(*mp, struct ip *); + ASSERT_HOST_BYTE_ORDER(*mp); return fr_check(ip, ip->ip_hl << 2, ifp, (dir == PFIL_OUT), mp); } Index: sys/contrib/pf/net/pf.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/pf/net/pf.c,v retrieving revision 1.78.2.6 diff -u -r1.78.2.6 pf.c --- sys/contrib/pf/net/pf.c 29 Feb 2012 09:47:26 -0000 1.78.2.6 +++ sys/contrib/pf/net/pf.c 23 May 2012 09:22:10 -0000 @@ -2560,6 +2560,7 @@ case AF_INET: #ifdef __FreeBSD__ /* icmp_error() expects host byte ordering */ + ASSERT_NET_BYTE_ORDER(m0); ip = mtod(m0, struct ip *); NTOHS(ip->ip_len); NTOHS(ip->ip_off); @@ -5894,6 +5895,8 @@ (dir != PF_IN && dir != PF_OUT) || oifp == NULL) panic("pf_route: invalid parameters"); + ASSERT_NET_BYTE_ORDER(*m); + #ifdef __FreeBSD__ if (pd->pf_mtag->routed++ > 3) { #else @@ -5977,6 +5980,7 @@ if (oifp != ifp) { #ifdef __FreeBSD__ + ASSERT_NET_BYTE_ORDER(m0); PF_UNLOCK(); if (pf_test(PF_OUT, ifp, &m0, NULL, NULL) != PF_PASS) { PF_LOCK(); @@ -5998,6 +6002,7 @@ goto bad; } ip = mtod(m0, struct ip *); + ASSERT_NET_BYTE_ORDER(m0); } #ifdef __FreeBSD__ 
@@ -6008,6 +6013,7 @@ /* * XXX: in_delayed_cksum assumes HBO for ip->ip_len (at least) */ + ASSERT_NET_BYTE_ORDER(m0); NTOHS(ip->ip_len); NTOHS(ip->ip_off); /* XXX: needed? */ in_delayed_cksum(m0); @@ -6017,6 +6023,8 @@ } m0->m_pkthdr.csum_flags &= ifp->if_hwassist; + ASSERT_NET_BYTE_ORDER(m0); + if (ntohs(ip->ip_len) <= ifp->if_mtu || (ifp->if_hwassist & CSUM_FRAGMENT && ((ip->ip_off & htons(IP_DF)) == 0))) { @@ -6104,6 +6112,7 @@ if (r->rt != PF_DUPTO) { #ifdef __FreeBSD__ /* icmp_error() expects host byte ordering */ + ASSERT_NET_BYTE_ORDER(m0); NTOHS(ip->ip_len); NTOHS(ip->ip_off); PF_UNLOCK(); @@ -6124,6 +6133,7 @@ /* * XXX: is cheaper + less error prone than own function */ + ASSERT_NET_BYTE_ORDER(m0); NTOHS(ip->ip_len); NTOHS(ip->ip_off); error = ip_fragment(ip, &m0, ifp->if_mtu, ifp->if_hwassist, sw_csum); @@ -6672,6 +6682,8 @@ #endif /* DIAGNOSTIC */ #endif + ASSERT_NET_BYTE_ORDER(m); + if (m->m_pkthdr.len < (int)sizeof(*h)) { action = PF_DROP; REASON_SET(&reason, PFRES_SHORT); Index: sys/contrib/pf/net/pf_ioctl.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/pf/net/pf_ioctl.c,v retrieving revision 1.50.2.4 diff -u -r1.50.2.4 pf_ioctl.c --- sys/contrib/pf/net/pf_ioctl.c 29 Feb 2012 09:47:26 -0000 1.50.2.4 +++ sys/contrib/pf/net/pf_ioctl.c 22 May 2012 14:37:44 -0000 @@ -4121,6 +4121,7 @@ if ((*m)->m_pkthdr.len >= (int)sizeof(struct ip)) { /* if m_pkthdr.len is less than ip header, pf will handle. */ + ASSERT_HOST_BYTE_ORDER(*m); h = mtod(*m, struct ip *); HTONS(h->ip_len); HTONS(h->ip_off); @@ -4134,6 +4135,7 @@ } if (*m != NULL) { /* pf_test can change ip header location */ + ASSERT_NET_BYTE_ORDER(*m); h = mtod(*m, struct ip *); NTOHS(h->ip_len); NTOHS(h->ip_off); @@ -4163,6 +4165,7 @@ } if ((*m)->m_pkthdr.len >= (int)sizeof(*h)) { /* if m_pkthdr.len is less than ip header, pf will handle. */ + ASSERT_HOST_BYTE_ORDER(*m); h = mtod(*m, struct ip *); HTONS(h->ip_len); HTONS(h->ip_off); 
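Review bot: In the pf.c hunk at line 6672, `ASSERT_NET_BYTE_ORDER(m)` sits directly above the `m->m_pkthdr.len < (int)sizeof(*h)` short-packet test, so the macro reads `ip_len` from a buffer that has not yet been shown to contain a full header. At that point the field is also still unvalidated packet content, and the same appears true of the assertions at the top of the ip_fastfwd.c hunk at line 179 and the ip_input.c hunk at line 385, which precede any visible header check. A malformed length could therefore satisfy the condition and panic a machine running this patch. I would move each of these assertions below the first length validation, and for anything longer than a short debugging run replace `panic()` with a rate-limited `log(LOG_ERR, ...)` plus a counter. The enclosing functions start and end outside the hunks.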
@@ -4176,6 +4179,7 @@ } if (*m != NULL) { /* pf_test can change ip header location */ + ASSERT_NET_BYTE_ORDER(*m); h = mtod(*m, struct ip *); NTOHS(h->ip_len); NTOHS(h->ip_off); Index: sys/contrib/pf/net/pf_norm.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/pf/net/pf_norm.c,v retrieving revision 1.21.2.2 diff -u -r1.21.2.2 pf_norm.c --- sys/contrib/pf/net/pf_norm.c 29 Feb 2012 09:47:26 -0000 1.21.2.2 +++ sys/contrib/pf/net/pf_norm.c 22 May 2012 14:41:02 -0000 @@ -1190,6 +1190,8 @@ if (hlen < (int)sizeof(struct ip)) goto drop; + ASSERT_NET_BYTE_ORDER(m); + if (hlen > ntohs(h->ip_len)) goto drop; Index: sys/net/if_bridge.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_bridge.c,v retrieving revision 1.144.2.2 diff -u -r1.144.2.2 if_bridge.c --- sys/net/if_bridge.c 17 Mar 2012 12:11:53 -0000 1.144.2.2 +++ sys/net/if_bridge.c 22 May 2012 14:44:14 -0000 @@ -3142,6 +3142,7 @@ */ ip = mtod(*mp, struct ip *); + ASSERT_NET_BYTE_ORDER(*mp); ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); @@ -3195,6 +3196,7 @@ if (ip == NULL) goto bad; } + ASSERT_HOST_BYTE_ORDER(*mp); ip->ip_len = htons(ip->ip_len); ip->ip_off = htons(ip->ip_off); ip->ip_sum = 0; @@ -3332,6 +3334,7 @@ } /* Retrieve the packet length. */ + ASSERT_NET_BYTE_ORDER(m); len = ntohs(ip->ip_len); /* Index: sys/net/if_enc.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_enc.c,v retrieving revision 1.17.2.1 diff -u -r1.17.2.1 if_enc.c --- sys/net/if_enc.c 23 Sep 2011 00:51:37 -0000 1.17.2.1 +++ sys/net/if_enc.c 22 May 2012 14:43:27 -0000 @@ -274,6 +274,7 @@ * before calling the firewall, swap fields the same as * IP does. here we assume the header is contiguous */ + ASSERT_NET_BYTE_ORDER(*mp); ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); 
@@ -284,6 +285,7 @@ break; /* restore byte ordering */ + ASSERT_HOST_BYTE_ORDER(*mp); ip = mtod(*mp, struct ip *); ip->ip_len = htons(ip->ip_len); ip->ip_off = htons(ip->ip_off); Index: sys/net/pfil.c =================================================================== RCS file: /home/ncvs/src/sys/net/pfil.c,v retrieving revision 1.19.2.1 diff -u -r1.19.2.1 pfil.c --- sys/net/pfil.c 23 Sep 2011 00:51:37 -0000 1.19.2.1 +++ sys/net/pfil.c 22 May 2012 14:49:24 -0000 @@ -46,6 +46,8 @@ #include #include +#include +#include static struct mtx pfil_global_lock; @@ -79,10 +81,12 @@ for (pfh = pfil_hook_get(dir, ph); pfh != NULL; pfh = TAILQ_NEXT(pfh, pfil_link)) { if (pfh->pfil_func != NULL) { + ASSERT_HOST_BYTE_ORDER(m); rv = (*pfh->pfil_func)(pfh->pfil_arg, &m, ifp, dir, inp); if (rv != 0 || m == NULL) break; + ASSERT_HOST_BYTE_ORDER(m); } } PFIL_RUNLOCK(ph, &rmpt); Index: sys/netgraph/ng_ipfw.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_ipfw.c,v retrieving revision 1.21.2.1 diff -u -r1.21.2.1 ng_ipfw.c --- sys/netgraph/ng_ipfw.c 23 Sep 2011 00:51:37 -0000 1.21.2.1 +++ sys/netgraph/ng_ipfw.c 23 May 2012 13:57:52 -0000 @@ -268,6 +268,7 @@ switch (ip->ip_v) { #ifdef INET case IPVERSION: + ASSERT_NET_BYTE_ORDER(m); SET_HOST_IPLEN(ip); return (ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL)); Index: sys/netinet/ip_divert.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_divert.c,v retrieving revision 1.173.2.1 diff -u -r1.173.2.1 ip_divert.c --- sys/netinet/ip_divert.c 23 Sep 2011 00:51:37 -0000 1.173.2.1 +++ sys/netinet/ip_divert.c 22 May 2012 14:27:15 -0000 @@ -207,6 +207,7 @@ (m = m_pullup(m, sizeof(struct ip))) == 0) return; ip = mtod(m, struct ip *); + ASSERT_NET_BYTE_ORDER(m); /* Delayed checksums are currently not compatible with divert. */ if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 
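Review bot: The assertion placed after the hook call in the sys/net/pfil.c loop cannot name the hook that left the mbuf in the wrong order. The panic text built by the macro carries only `__func__`, `__LINE__` and the two length values, and every registered hook returns through the same source line. The hook has already returned by then, so it will not appear in the backtrace either. Since the stated aim of the patch is to identify the responsible hook, I would add a variant of the macro that takes one more argument and prints it with `%p`, and call it here with `pfh->pfil_func`. The loop belongs to a function whose start and end are outside the hunk.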
@@ -396,6 +397,7 @@ /* Convert fields to host order for ip_output() */ ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); + ASSERT_HOST_BYTE_ORDER(m); break; #ifdef INET6 case IPV6_VERSION >> 4: Index: sys/netinet/ip_fastfwd.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fastfwd.c,v retrieving revision 1.57.2.1 diff -u -r1.57.2.1 ip_fastfwd.c --- sys/netinet/ip_fastfwd.c 23 Sep 2011 00:51:37 -0000 1.57.2.1 +++ sys/netinet/ip_fastfwd.c 22 May 2012 14:46:00 -0000 @@ -179,6 +179,7 @@ M_ASSERTVALID(m); M_ASSERTPKTHDR(m); + ASSERT_NET_BYTE_ORDER(m); bzero(&ro, sizeof(ro)); @@ -343,6 +344,7 @@ /* * Convert to host representation */ + ASSERT_NET_BYTE_ORDER(m); ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); @@ -361,6 +363,7 @@ M_ASSERTVALID(m); M_ASSERTPKTHDR(m); + ASSERT_HOST_BYTE_ORDER(m); ip = mtod(m, struct ip *); /* m may have changed by pfil hook */ dest.s_addr = ip->ip_dst.s_addr; @@ -442,12 +445,14 @@ if (!PFIL_HOOKED(&V_inet_pfil_hook)) goto passout; + ASSERT_HOST_BYTE_ORDER(m); if (pfil_run_hooks(&V_inet_pfil_hook, &m, ifp, PFIL_OUT, NULL) || m == NULL) { goto drop; } M_ASSERTVALID(m); M_ASSERTPKTHDR(m); + ASSERT_HOST_BYTE_ORDER(m); ip = mtod(m, struct ip *); dest.s_addr = ip->ip_dst.s_addr; @@ -511,6 +516,7 @@ goto consumed; } + ASSERT_HOST_BYTE_ORDER(m); #ifndef ALTQ /* * Check if there is enough space in the interface queue Index: sys/netinet/ip_icmp.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v retrieving revision 1.145.2.2 diff -u -r1.145.2.2 ip_icmp.c --- sys/netinet/ip_icmp.c 19 Mar 2012 20:49:16 -0000 1.145.2.2 +++ sys/netinet/ip_icmp.c 22 May 2012 14:31:17 -0000 
@@ -185,6 +185,7 @@ unsigned icmplen, icmpelen, nlen; KASSERT((u_int)type <= ICMP_MAXTYPE, ("%s: illegal ICMP type", __func__)); + ASSERT_HOST_BYTE_ORDER(n); #ifdef ICMPPRINTFS if (icmpprintfs) printf("icmp_error(%p, %x, %d)\n", oip, type, code); @@ -336,6 +337,7 @@ void (*ctlfunc)(int, struct sockaddr *, void *); int fibnum; + ASSERT_HOST_BYTE_ORDER(m); /* * Locate icmp structure in mbuf, and check * that not corrupted and of at least minimum length. @@ -866,6 +868,7 @@ register int hlen; register struct icmp *icp; + ASSERT_HOST_BYTE_ORDER(m); hlen = ip->ip_hl << 2; m->m_data += hlen; m->m_len -= hlen; Index: sys/netinet/ip_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_input.c,v retrieving revision 1.393.2.3 diff -u -r1.393.2.3 ip_input.c --- sys/netinet/ip_input.c 19 Mar 2012 20:49:16 -0000 1.393.2.3 +++ sys/netinet/ip_input.c 22 May 2012 14:23:45 -0000 @@ -385,6 +385,7 @@ struct in_addr odst; /* original dst address */ M_ASSERTPKTHDR(m); + ASSERT_NET_BYTE_ORDER(m); if (m->m_flags & M_FASTFWD_OURS) { /* @@ -467,6 +468,7 @@ goto bad; } ip->ip_off = ntohs(ip->ip_off); + ASSERT_HOST_BYTE_ORDER(m); /* * Check that the amount of data in the buffers @@ -1371,6 +1373,7 @@ struct route ro; int error, type = 0, code = 0, mtu = 0; + ASSERT_HOST_BYTE_ORDER(m); if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { IPSTAT_INC(ips_cantforward); m_freem(m); Index: sys/netinet/ip_ipsec.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_ipsec.c,v retrieving revision 1.28.2.1 diff -u -r1.28.2.1 ip_ipsec.c --- sys/netinet/ip_ipsec.c 23 Sep 2011 00:51:37 -0000 1.28.2.1 +++ sys/netinet/ip_ipsec.c 22 May 2012 14:25:41 -0000 
@@ -346,6 +346,7 @@ (*m)->m_pkthdr.csum_flags &= ~CSUM_SCTP; } #endif + ASSERT_HOST_BYTE_ORDER(*m); ip->ip_len = htons(ip->ip_len); ip->ip_off = htons(ip->ip_off); Index: sys/netinet/ip_mroute.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_mroute.c,v retrieving revision 1.161.2.2 diff -u -r1.161.2.2 ip_mroute.c --- sys/netinet/ip_mroute.c 28 Mar 2012 12:45:35 -0000 1.161.2.2 +++ sys/netinet/ip_mroute.c 22 May 2012 14:32:54 -0000 @@ -1496,6 +1496,7 @@ vifi_t vifi; int plen = ip->ip_len; + ASSERT_HOST_BYTE_ORDER(m); VIF_LOCK_ASSERT(); /* @@ -2375,6 +2376,8 @@ struct mbuf *mb_copy = NULL; int mtu; + ASSERT_HOST_BYTE_ORDER(m); + /* Take care of delayed checksums */ if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { in_delayed_cksum(m); Index: sys/netinet/ip_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v retrieving revision 1.329.2.2 diff -u -r1.329.2.2 ip_output.c --- sys/netinet/ip_output.c 10 Nov 2011 20:28:30 -0000 1.329.2.2 +++ sys/netinet/ip_output.c 22 May 2012 14:47:14 -0000 @@ -133,6 +133,7 @@ int no_route_but_check_spd = 0; #endif M_ASSERTPKTHDR(m); + ASSERT_HOST_BYTE_ORDER(m); if (inp != NULL) { INP_LOCK_ASSERT(inp); @@ -434,6 +435,8 @@ } } + ASSERT_HOST_BYTE_ORDER(m); + /* * Verify that we have any chance at all of being able to queue the * packet or packet fragments, unless ALTQ is enabled on the given @@ -505,6 +508,7 @@ /* Run through list of hooks for output packets. */ odst.s_addr = ip->ip_dst.s_addr; + ASSERT_HOST_BYTE_ORDER(m); error = pfil_run_hooks(&V_inet_pfil_hook, &m, ifp, PFIL_OUT, inp); if (error != 0 || m == NULL) goto done; 
@@ -596,6 +600,7 @@ * If small enough for interface, or the interface will take * care of the fragmentation for us, we can just send directly. */ + ASSERT_HOST_BYTE_ORDER(m); if (ip->ip_len <= mtu || (m->m_pkthdr.csum_flags & ifp->if_hwassist & CSUM_TSO) != 0 || ((ip->ip_off & IP_DF) == 0 && (ifp->if_hwassist & CSUM_FRAGMENT))) { @@ -628,6 +633,7 @@ * to avoid confusing lower layers. */ m->m_flags &= ~(M_PROTOFLAGS); + ASSERT_NET_BYTE_ORDER(m); error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst, ro); goto done; @@ -716,6 +722,8 @@ if (len < 8) return EMSGSIZE; + ASSERT_HOST_BYTE_ORDER(m0); + /* * If the interface will not calculate checksums on * fragmented packets, then do it here. Index: sys/netinet/ipfw/ip_dn_io.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ipfw/ip_dn_io.c,v retrieving revision 1.14.2.1 diff -u -r1.14.2.1 ip_dn_io.c --- sys/netinet/ipfw/ip_dn_io.c 23 Sep 2011 00:51:37 -0000 1.14.2.1 +++ sys/netinet/ipfw/ip_dn_io.c 23 May 2012 06:26:56 -0000 @@ -650,6 +650,7 @@ tag->m_tag_id = 0; } + ASSERT_NET_BYTE_ORDER(m); switch (dst) { case DIR_OUT: SET_HOST_IPLEN(mtod(m, struct ip *)); Index: sys/netinet/ipfw/ip_fw2.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ipfw/ip_fw2.c,v retrieving revision 1.66.2.5 diff -u -r1.66.2.5 ip_fw2.c --- sys/netinet/ipfw/ip_fw2.c 23 Apr 2012 07:15:15 -0000 1.66.2.5 +++ sys/netinet/ipfw/ip_fw2.c 23 May 2012 06:26:04 -0000 @@ -942,6 +942,8 @@ if (m->m_flags & M_SKIP_FIREWALL || (! V_ipfw_vnet_ready)) return (IP_FW_PASS); /* accept */ + ASSERT_NET_BYTE_ORDER(m); + dst_ip.s_addr = 0; /* make sure it is initialized */ src_ip.s_addr = 0; /* make sure it is initialized */ pktlen = m->m_pkthdr.len; @@ -2411,6 +2413,7 @@ * ip_reass() expects len & off in host * byte order. */ + ASSERT_NET_BYTE_ORDER(m); SET_HOST_IPLEN(ip); args->m = m = ip_reass(m); 
@@ -2433,6 +2436,7 @@ ip->ip_sum = in_cksum(m, hlen); retval = IP_FW_REASS; set_match(args, f_pos, chain); + ASSERT_NET_BYTE_ORDER(m); } done = 1; /* exit outer loop */ break; Index: sys/netinet/ipfw/ip_fw_pfil.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ipfw/ip_fw_pfil.c,v retrieving revision 1.24.2.3 diff -u -r1.24.2.3 ip_fw_pfil.c --- sys/netinet/ipfw/ip_fw_pfil.c 6 Nov 2011 17:31:57 -0000 1.24.2.3 +++ sys/netinet/ipfw/ip_fw_pfil.c 23 May 2012 13:30:55 -0000 @@ -110,6 +110,7 @@ int ipfw; int ret; + ASSERT_HOST_BYTE_ORDER(*m0); /* all the processing now uses ip_len in net format */ if (mtod(*m0, struct ip *)->ip_v == 4) SET_NET_IPLEN(mtod(*m0, struct ip *)); @@ -119,6 +120,7 @@ bzero(&args, sizeof(args)); again: + ASSERT_NET_BYTE_ORDER(*m0); /* * extract and remove the tag if present. If we are left * with onepass, optimize the outgoing path. @@ -130,6 +132,7 @@ if (args.rule.info & IPFW_ONEPASS) { if (mtod(*m0, struct ip *)->ip_v == 4) SET_HOST_IPLEN(mtod(*m0, struct ip *)); + ASSERT_HOST_BYTE_ORDER(*m0); return (0); } } @@ -273,8 +276,10 @@ FREE_PKT(*m0); *m0 = NULL; } - if (*m0 && mtod(*m0, struct ip *)->ip_v == 4) + if (*m0 && mtod(*m0, struct ip *)->ip_v == 4) { SET_HOST_IPLEN(mtod(*m0, struct ip *)); + ASSERT_HOST_BYTE_ORDER(*m0); + } return ret; } @@ -292,6 +297,7 @@ struct ip *ip = mtod(*m0, struct ip *); struct m_tag *tag; + ASSERT_NET_BYTE_ORDER(*m0); /* Cloning needed for tee? */ if (tee == 0) { clone = *m0; /* use the original mbuf */ Index: sys/netipsec/ipsec_output.c =================================================================== RCS file: /home/ncvs/src/sys/netipsec/ipsec_output.c,v retrieving revision 1.33.2.2 diff -u -r1.33.2.2 ipsec_output.c --- sys/netipsec/ipsec_output.c 29 Feb 2012 09:47:26 -0000 1.33.2.2 +++ sys/netipsec/ipsec_output.c 23 May 2012 14:03:44 -0000 
@@ -205,6 +205,7 @@ ip = mtod(m, struct ip *); ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); + ASSERT_HOST_BYTE_ORDER(m); #ifdef IPSEC_NAT_T /* Index: sys/netipsec/xform_ah.c =================================================================== RCS file: /home/ncvs/src/sys/netipsec/xform_ah.c,v retrieving revision 1.28.2.1 diff -u -r1.28.2.1 xform_ah.c --- sys/netipsec/xform_ah.c 23 Sep 2011 00:51:37 -0000 1.28.2.1 +++ sys/netipsec/xform_ah.c 23 May 2012 14:05:17 -0000 @@ -322,6 +322,7 @@ else ip->ip_off = 0; } + ASSERT_NET_BYTE_ORDER(m); ptr = mtod(m, unsigned char *) + sizeof(struct ip);