From owner-svn-src-stable-9@FreeBSD.ORG Tue Nov 1 18:29:06 2011 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 991CC106566B; Tue, 1 Nov 2011 18:29:06 +0000 (UTC) (envelope-from qingli@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 6F1388FC19; Tue, 1 Nov 2011 18:29:06 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id pA1IT6I7078716; Tue, 1 Nov 2011 18:29:06 GMT (envelope-from qingli@svn.freebsd.org) Received: (from qingli@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id pA1IT6PI078714; Tue, 1 Nov 2011 18:29:06 GMT (envelope-from qingli@svn.freebsd.org) Message-Id: <201111011829.pA1IT6PI078714@svn.freebsd.org> From: Qing Li Date: Tue, 1 Nov 2011 18:29:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r227002 - stable/9/sys/netinet X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Nov 2011 18:29:06 -0000 Author: qingli Date: Tue Nov 1 18:29:06 2011 New Revision: 227002 URL: http://svn.freebsd.org/changeset/base/227002 Log: MFC 226713 Exclude host routes when checking for prefix coverage on multiple interfaces. A host route has a NULL mask so check for that condition. I have also been told by developers who customize the packet output path with direct manipulation of the route entry (or the outgoing interface to be specific). This patch checks for the route mask explicitly to make sure custom code will not panic. PR: kern/161805 Approved by: re (kib) Modified: stable/9/sys/netinet/in.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/amd64/include/xen/ (props changed) stable/9/sys/boot/ (props changed) stable/9/sys/boot/i386/efi/ (props changed) stable/9/sys/boot/ia64/efi/ (props changed) stable/9/sys/boot/ia64/ski/ (props changed) stable/9/sys/boot/powerpc/boot1.chrp/ (props changed) stable/9/sys/boot/powerpc/ofw/ (props changed) stable/9/sys/cddl/contrib/opensolaris/ (props changed) stable/9/sys/conf/ (props changed) stable/9/sys/contrib/dev/acpica/ (props changed) stable/9/sys/contrib/octeon-sdk/ (props changed) stable/9/sys/contrib/pf/ (props changed) stable/9/sys/contrib/x86emu/ (props changed) Modified: stable/9/sys/netinet/in.c ============================================================================== --- stable/9/sys/netinet/in.c Tue Nov 1 18:28:33 2011 (r227001) +++ stable/9/sys/netinet/in.c Tue Nov 1 18:29:06 2011 (r227002) @@ -1431,12 +1431,21 @@ in_lltable_rtcheck(struct ifnet *ifp, u_ * on one interface and the corresponding outgoing packet leaves * another interface. */ - if (rt->rt_ifp != ifp) { + if (!(rt->rt_flags & RTF_HOST) && rt->rt_ifp != ifp) { const char *sa, *mask, *addr, *lim; int len; - sa = (const char *)rt_key(rt); mask = (const char *)rt_mask(rt); + /* + * Just being extra cautious to avoid some custom + * code getting into trouble. + */ + if (mask == NULL) { + RTFREE_LOCKED(rt); + return (EINVAL); + } + + sa = (const char *)rt_key(rt); addr = (const char *)l3addr; len = ((const struct sockaddr_in *)l3addr)->sin_len; lim = addr + len;