Date: Tue, 27 Aug 2002 11:01:58 +0930
From: Ian West
To: freebsd-net@freebsd.org
Cc: Luigi Rizzo
Subject: local fwd and ipfw2 on stable problem with port byte order.
Message-ID: <20020827013158.GO499@axiom.niw.com.au>

There is a small problem with ipfw2 running on -stable. The problem affects only the fwd command with a port number, such as the following

    ipfw add fwd 127.0.0.1,2048 tcp from any to any in via dc0

The problem is that port is already in network byte order when it arrives in next_hop->sin_port from ipfw2, but not from ipfw1. I think this may affect current as well, but I am not certain and have not tested it.

The simplest patch seems to be the following, which bypasses the extra ntohs if IPFW2 is in use, otherwise it leaves it unchanged. This may or may not be a good solution :)

My thinking is that the ipfw2 method has one less byte swap in the important packet handling code, and stores the port number in network byte order in the socket struct, all of which seems like a good idea. For these reasons a small change to tcp_input seems better than changes to ipfw2?

Index: tcp_input.c =================================================================== RCS file: /cvs/freebsd/src/sys/netinet/tcp_input.c,v retrieving revision 1.107.2.27 diff -u -r1.107.2.27 tcp_input.c --- tcp_input.c 24 Aug 2002 18:40:25 -0000 1.107.2.27 +++ tcp_input.c 27 Aug 2002 00:45:29 -0000 
@@ -536,7 +536,11 @@ inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport, next_hop->sin_addr, +#if IPFW2 + next_hop->sin_port, 1, +#else ntohs(next_hop->sin_port), 1, +#endif m->m_pkthdr.rcvif); } }
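
Review bot: The `#if IPFW2` guard around the port argument of in_pcblookup_hash() evaluates to 0 without any diagnostic when IPFW2 is not defined in this translation unit, and the hunk does not show tcp_input.c pulling in whatever header defines it. If that definition is not visible here, an ipfw2 kernel silently keeps the old `ntohs()` path and the forwarded port is still swapped, so the patch should include or confirm that definition alongside this change. The guard also leaves no comment saying which byte order next_hop->sin_port carries in each branch; a one-line comment above the `#if` would tell the next reader why one branch swaps and the other does not. In the `#else` branch, the description says the ipfw1 value is not yet in network byte order, so `htons()` would state the intent better than `ntohs()`, although both perform the same swap.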