From owner-freebsd-net@FreeBSD.ORG  Fri Oct  9 09:15:53 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 60ADE106566B
	for <freebsd-net@freebsd.org>; Fri,  9 Oct 2009 09:15:53 +0000 (UTC)
	(envelope-from jacques.fourie@gmail.com)
Received: from mail-fx0-f222.google.com (mail-fx0-f222.google.com
	[209.85.220.222])
	by mx1.freebsd.org (Postfix) with ESMTP id EB7278FC08
	for <freebsd-net@freebsd.org>; Fri,  9 Oct 2009 09:15:52 +0000 (UTC)
Received: by fxm22 with SMTP id 22so6372878fxm.36
	for <freebsd-net@freebsd.org>; Fri, 09 Oct 2009 02:15:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:date:message-id:subject
	:from:to:content-type;
	bh=NbeAIQdv549XNcR1IiKUOK5nRTQnsabXy5e1/AZvJTo=;
	b=S47GPD5mEDKF5z/AYp9jJ7WjNy7kNo4BNQUaWPFpYS8TAgQNt5YVULvXx+XlLLyWOr
	JFFz5NMqoBgmpdT/+4L4MUxbEhtM1/yLX2BGCiKbZAzBvhrwZRX8i61CCYSPqmKpVWys
	I79xw3mkHx+Mh/zHPK3IPndKcyYFHqcF9a1mg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:date:message-id:subject:from:to:content-type;
	b=BLUx7+z8JONg1S3U2vjUUh4BLZa2B+vfinOl0ONAzYnrBN0U/Zk4hmae9YLyRCeDAR
	uhUPJ0Eo4ej8WiDiFUnQ6eKasrxG3iao8nByftX+M7a4IGg2hYA88oSYuQZgjj6BBi5j
	NP73MHu3ded0oPsUA2fqeWjX69+8OvVE8xgVw=
MIME-Version: 1.0
Received: by 10.86.232.5 with SMTP id e5mr2113751fgh.27.1255077962237; Fri, 09 
	Oct 2009 01:46:02 -0700 (PDT)
Date: Fri, 9 Oct 2009 10:46:02 +0200
Message-ID: <be2f52430910090146m78db28fbnd57362ab658e0278@mail.gmail.com>
From: Jacques Fourie <jacques.fourie@gmail.com>
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: Route re-calculation in ip_output()
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2009 09:15:53 -0000

Hi,

I've noticed what I believe to be a bug in ip_output(). The piece of
code in question is when the firewall changes the destination address
of an outgoing packet and the subsequent re-calculation of the route.
The issue should be clear from the attached diff - basically what
happens is that for the second route lookup dst can point to
ro->ro_rt->rt_gateway instead of &ro->ro_dst. It seems as if this
issue is present on 7,8 and 9?
	
--- ip_output.c 2009-10-09 10:37:40.537408240 +0200
+++ /home/jacques/ip_output.c   2009-10-09 10:43:46.232819440 +0200
@@ -521,8 +521,10 @@
 #endif
                        error = netisr_queue(NETISR_IP, m);
                        goto done;
-               } else
+               } else {
+                       dst = (struct sockaddr_in *)&ro->ro_dst;
                        goto again;     /* Redo the routing table lookup. */
+               }


Regards,
Jacques