Date: Thu, 1 Apr 2010 20:23:43 +0000 (UTC) From: Qing Li <qingli@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r206055 - stable/8/sys/net Message-ID: <201004012023.o31KNhct035675@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: qingli Date: Thu Apr 1 20:23:43 2010 New Revision: 206055 URL: http://svn.freebsd.org/changeset/base/206055 Log: MFC 205077 The flow-table module retrieves the destination and source address as well as the transport protocol port information from the outbound packets. The routing code is generic and compares every byte in the given sockaddr object. Therefore the temporary sockaddr objects must be cleared due to padding bytes. In addition, the port information must be stripped or the route search will either fail or return the incorrect route entry. Unit testing is done using OpenVPN over the if_tun interface. Modified: stable/8/sys/net/flowtable.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) stable/8/sys/dev/xen/xenpci/ (props changed) stable/8/sys/net/ (props changed) Modified: stable/8/sys/net/flowtable.c ============================================================================== --- stable/8/sys/net/flowtable.c Thu Apr 1 19:05:43 2010 (r206054) +++ stable/8/sys/net/flowtable.c Thu Apr 1 20:23:43 2010 (r206055) @@ -598,6 +598,8 @@ flowtable_lookup_mbuf4(struct flowtable dsin = (struct sockaddr_in *)&dsa; ssin = (struct sockaddr_in *)&ssa; + bzero(dsin, sizeof(*dsin)); + bzero(ssin, sizeof(*ssin)); flags = ft->ft_flags; if (ipv4_mbuf_demarshal(ft, m, ssin, dsin, &flags) != 0) return (NULL); @@ -801,6 +803,8 @@ flowtable_lookup_mbuf6(struct flowtable dsin6 = (struct sockaddr_in6 *)&dsa; ssin6 = (struct sockaddr_in6 *)&ssa; + bzero(dsin6, sizeof(*dsin6)); + bzero(ssin6, sizeof(*ssin6)); flags = ft->ft_flags; if (ipv6_mbuf_demarshal(ft, m, ssin6, dsin6, &flags) != 0) @@ -1130,6 +1134,14 @@ flowtable_lookup(struct flowtable *ft, s ro = &sro; memcpy(&ro->ro_dst, dsa, sizeof(struct sockaddr_in)); + /* + * The harvested source and destination addresses + * may contain port information if the packet is + * from a transport protocol (e.g. TCP/UDP). The + * port field must be cleared before performing + * a route lookup. + */ + ((struct sockaddr_in *)&ro->ro_dst)->sin_port = 0; dsin = (struct sockaddr_in *)dsa; ssin = (struct sockaddr_in *)ssa; if ((dsin->sin_addr.s_addr == ssin->sin_addr.s_addr) || @@ -1147,6 +1159,7 @@ flowtable_lookup(struct flowtable *ft, s ro = (struct route *)&sro6; memcpy(&sro6.ro_dst, dsa, sizeof(struct sockaddr_in6)); + ((struct sockaddr_in6 *)&ro->ro_dst)->sin6_port = 0; dsin6 = (struct sockaddr_in6 *)dsa; ssin6 = (struct sockaddr_in6 *)ssa;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201004012023.o31KNhct035675>