Message-ID: <4ACF5DA5.6060806@elischer.org>
Date: Fri, 09 Oct 2009 08:58:29 -0700
From: Julian Elischer
To: Jacques Fourie
Cc: freebsd-net@freebsd.org
Subject: Re: Route re-calculation in ip_output()

Jacques Fourie wrote:
> Hi,
>
> I've noticed what I believe to be a bug in ip_output(). The piece of
> code in question is when the firewall changes the destination address
> of an outgoing packet and the subsequent re-calculation of the route.
> The issue should be clear from the attached diff - basically what
> happens is that for the second route lookup dst can point to
> ro->ro_rt->rt_gateway instead of &ro->ro_dst. It seems as if this
> issue is present on 7,8 and 9?

Is this a problem? generally, the aim of a fwd firewall rule is to set the next hop (gateway). so this may be what is required..

>
> --- ip_output.c 2009-10-09 10:37:40.537408240 +0200
> +++ /home/jacques/ip_output.c 2009-10-09 10:43:46.232819440 +0200
> @@ -521,8 +521,10 @@
> #endif
> error = netisr_queue(NETISR_IP, m);
> goto done;
> - } else
> + } else {
> + dst = (struct sockaddr_in *)&ro->ro_dst;
> goto again; /* Redo the routing table lookup. */
> + }
>
>
> Regards,
> Jacques
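
Review bot: the added `dst = (struct sockaddr_in *)&ro->ro_dst;` in the new `else {` block has no comment, and the only comment on this path still reads "Redo the routing table lookup." Please say in a comment why dst has to be re-pointed at &ro->ro_dst before `goto again`, because the hunk does not show where dst was left pointing at the gateway address, and the reply in this thread asks whether keeping the next hop is the intended result for a fwd rule. The hunk also covers only this one jump to `again`; if the reset is needed on every re-lookup, consider doing it at the label rather than at this call site.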