Date: Thu, 1 Jul 2010 10:50:12 +0400 From: "Alexander Zagrebin" <alexz@visp.ru> To: <freebsd-current@freebsd.org>, <freebsd-net@freebsd.org> Subject: 8.1-RC2: bug in ng_ipfw (ng_ipfw doesn't return a packet back to ipfw) Message-ID: <FB42F5E7B867446C9AB4F3341FBCC607@vosz.local>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
------=_NextPart_000_0777_01CB190B.2ECBBD70
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: 7bit
After upgrading from RELENG_8_0 to RELENG_8_1 (8.1-RC2)
I have noticed that ng_ipfw doesn't return a packet back to ipfw
after `ipfw add ... netgraph ...` due to the bug in the
sys/netgraph/ng_ipfw.c
The attached patch solves the problem.
--
Alexander
------=_NextPart_000_0777_01CB190B.2ECBBD70
Content-Type: application/octet-stream;
name="patch-sys-netgraph-ng_ipfw.c"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="patch-sys-netgraph-ng_ipfw.c"
--- sys/netgraph/ng_ipfw.c.orig 2010-06-16 08:55:21.021628270 +0400=0A=
+++ sys/netgraph/ng_ipfw.c 2010-07-01 10:29:09.561958484 +0400=0A=
@@ -221,20 +221,21 @@=0A=
static int=0A=
ng_ipfw_rcvdata(hook_p hook, item_p item)=0A=
{=0A=
- struct ipfw_rule_ref *tag;=0A=
+ struct m_tag *tag;=0A=
+ struct ipfw_rule_ref *r;=0A=
struct mbuf *m;=0A=
=0A=
NGI_GET_M(item, m);=0A=
NG_FREE_ITEM(item);=0A=
=0A=
- tag =3D (struct ipfw_rule_ref *)=0A=
- m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL);=0A=
+ tag =3D m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL);=0A=
if (tag =3D=3D NULL) {=0A=
NG_FREE_M(m);=0A=
return (EINVAL); /* XXX: find smth better */=0A=
};=0A=
=0A=
- if (tag->info & IPFW_INFO_IN) {=0A=
+ r =3D (struct ipfw_rule_ref *)(tag + 1);=0A=
+ if (r->info & IPFW_INFO_IN) {=0A=
ip_input(m);=0A=
return (0);=0A=
} else {=0A=
------=_NextPart_000_0777_01CB190B.2ECBBD70--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FB42F5E7B867446C9AB4F3341FBCC607>