From owner-freebsd-hackers Wed Jan 29 14:47:28 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA27254 for hackers-outgoing; Wed, 29 Jan 1997 14:47:28 -0800 (PST) Received: from whistle.com (s205m131.whistle.com [207.76.205.131]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA27246 for ; Wed, 29 Jan 1997 14:47:26 -0800 (PST) Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id OAA19160; Wed, 29 Jan 1997 14:46:43 -0800 (PST) Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3) id sma019158; Wed Jan 29 14:46:19 1997 Received: (from archie@localhost) by bubba.whistle.com (8.7.5/8.6.12) id OAA24842; Wed, 29 Jan 1997 14:46:19 -0800 (PST) From: Archie Cobbs Message-Id: <199701292246.OAA24842@bubba.whistle.com> Subject: Re: ipdivert & masqd In-Reply-To: <199701292130.NAA19395@gatekeeper> from Darren Reed at "Jan 30, 97 08:29:09 am" To: avalon@coombs.anu.edu.au (Darren Reed) Date: Wed, 29 Jan 1997 14:46:19 -0800 (PST) Cc: archie@whistle.com, terry@lambert.org, ari.suutari@ps.carel.fi, brian@awfulhak.demon.co.uk, hackers@freebsd.org, cmott@srv.net X-Mailer: ELM [version 2.4ME+ PL25 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > The theory was that this loop avoidance was working too well, and > > seemed to be applying to packets other than the one that it was > > supposed to. What I'm trying to prove to myself is that this can't > > be happening. > > Does ip_divert_flag get set/reset inside or outside the loop in > ip_input() which dequeues packets ? (src isn't handy) Ah.. well, it doesn't get reset until ip_input() returns. Perhaps this is the problem... certainly if calling ip_input() with one packet can trigger the ipfw processing of other packets, that would be bad. [ checking source .. ] >From my reading it doesn't seem like this can happen. Packet fragments are queued up and then merged when the last packet arrives, but sending ip_input() a whole separate packet shouldn't trigger this. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com