From owner-freebsd-net@FreeBSD.ORG Thu Sep 28 17:40:29 2006 Return-Path: X-Original-To: net@hub.freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 95DFC16A52E for ; Thu, 28 Sep 2006 17:40:29 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3D69543D45 for ; Thu, 28 Sep 2006 17:40:28 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k8SHeSkU068376 for ; Thu, 28 Sep 2006 17:40:28 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k8SHeSCh068375; Thu, 28 Sep 2006 17:40:28 GMT (envelope-from gnats) Date: Thu, 28 Sep 2006 17:40:28 GMT Message-Id: <200609281740.k8SHeSCh068375@freefall.freebsd.org> To: net@FreeBSD.org From: Bruce M Simpson Cc: Subject: Re: kern/95277: [netinet] IP Encapsulation mask_match() returns wrong results X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Bruce M Simpson List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2006 17:40:29 -0000 The following reply was made to PR kern/95277; it has been noted by GNATS. From: Bruce M Simpson To: freebsd-gnats-submit@FreeBSD.org Cc: Subject: Re: kern/95277: [netinet] IP Encapsulation mask_match() returns wrong results Date: Thu, 28 Sep 2006 18:22:46 +0100 This is a multi-part message in MIME format. --------------080009040700000209070407 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I guess a patch for the desired behaviour would look something like this? More detail needed... --------------080009040700000209070407 Content-Type: text/x-patch; name="maskmatch.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="maskmatch.diff" ==== //depot/user/bms/nethead/sys/netinet/ip_encap.c#1 - /home/bms/fp4/nethead/sys/netinet/ip_encap.c ==== --- /tmp/tmp.41786.0 Thu Sep 28 18:21:51 2006 +++ /home/bms/fp4/nethead/sys/netinet/ip_encap.c Thu Sep 28 18:21:09 2006 @@ -403,6 +403,7 @@ const struct sockaddr *sp; const struct sockaddr *dp; { + const int hdrlen = offsetof(struct sockaddr, sa_data); struct sockaddr_storage s; struct sockaddr_storage d; int i; @@ -419,32 +420,28 @@ matchlen = 0; - p = (const u_int8_t *)sp; - q = (const u_int8_t *)&ep->srcmask; - r = (u_int8_t *)&s; - for (i = 0 ; i < sp->sa_len; i++) { + p = (const u_int8_t *)&sp->sa_data; + q = (const u_int8_t *)&ep->srcmask + hdrlen; + r = (u_int8_t *)&s + hdrlen; + for (i = 0 ; i < sp->sa_len - hdrlen; i++) { r[i] = p[i] & q[i]; /* XXX estimate */ matchlen += (q[i] ? 8 : 0); } - p = (const u_int8_t *)dp; - q = (const u_int8_t *)&ep->dstmask; - r = (u_int8_t *)&d; - for (i = 0 ; i < dp->sa_len; i++) { + p = (const u_int8_t *)&dp->sa_data; + q = (const u_int8_t *)&ep->dstmask + hdrlen; + r = (u_int8_t *)&d + hdrlen; + for (i = 0 ; i < dp->sa_len - hdrlen; i++) { r[i] = p[i] & q[i]; /* XXX rough estimate */ matchlen += (q[i] ? 8 : 0); } - /* need to overwrite len/family portion as we don't compare them */ - s.ss_len = sp->sa_len; - s.ss_family = sp->sa_family; - d.ss_len = dp->sa_len; - d.ss_family = dp->sa_family; - - if (bcmp(&s, &ep->src, ep->src.ss_len) == 0 && - bcmp(&d, &ep->dst, ep->dst.ss_len) == 0) { + if (bcmp((u_int8_t *)&s + hdrlen, (const u_int8_t *)&ep->src + hdrlen, + ep->src.ss_len - hdrlen) == 0 && + bcmp((u_int8_t *)&d + hdrlen, (const u_int8_t *)&ep->dst + hdrlen, + ep->dst.ss_len - hdrlen) == 0) { return matchlen; } else return 0; --------------080009040700000209070407--