Date: Fri, 9 Oct 2009 10:46:02 +0200
From: Jacques Fourie
To: freebsd-net@freebsd.org
Subject: Route re-calculation in ip_output()

Hi,

I've noticed what I believe to be a bug in ip_output(). The piece of code in question is when the firewall changes the destination address of an outgoing packet and the subsequent re-calculation of the route. The issue should be clear from the attached diff - basically what happens is that for the second route lookup dst can point to ro->ro_rt->rt_gateway instead of &ro->ro_dst. It seems as if this issue is present on 7, 8 and 9?

--- ip_output.c 2009-10-09 10:37:40.537408240 +0200 +++ /home/jacques/ip_output.c 2009-10-09 10:43:46.232819440 +0200 @@ -521,8 +521,10 @@ #endif error = netisr_queue(NETISR_IP, m); goto done; - } else + } else { + dst = (struct sockaddr_in *)&ro->ro_dst; goto again; /* Redo the routing table lookup. */ + }

Regards,
Jacques
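
Review bot: The added `dst = (struct sockaddr_in *)&ro->ro_dst;` in the `else` branch carries no comment saying why dst has to be reset before `goto again`. The message gives the reason (after the first lookup dst can point at ro->ro_rt->rt_gateway rather than &ro->ro_dst), and a one-line comment to that effect next to the assignment would keep a later cleanup from dropping it as redundant. Because the reset is made only in this branch, it is also worth checking whether any other `goto again` in the function can be reached with dst already redirected; if so, doing the reset at the `again` label itself would cover every path instead of just this one.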