From owner-freebsd-bugs@FreeBSD.ORG Fri Jan 21 17:20:34 2005
Delivered-To: freebsd-bugs@hub.freebsd.org
Resent-Date: Fri, 21 Jan 2005 17:20:33 GMT
Resent-Message-Id: <200501211720.j0LHKXpN044312@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Damien Mercier
Message-Id: <200501211714.j0LHEdPt064543@www.freebsd.org>
Date: Fri, 21 Jan 2005 17:14:39 GMT
From: Damien Mercier
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: kern/76539: ipnat + dummynet on output on same interface broken
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Bug reports
X-List-Received-Date: Fri, 21 Jan 2005 17:20:34 -0000

>Number: 76539
>Category: kern
>Synopsis: ipnat + dummynet on output on same interface broken
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 21 17:20:33 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Damien Mercier
>Release: 5.3-RELEASE-p8
>Organization:
>Environment:
FreeBSD test.grosmi.net 5.3-RELEASE-p5 FreeBSD 5.3-RELEASE-p5 #1: Fri Jan 21 17:35:16 CET 2005 root@test.grosmi.net:/usr/src/sys/i386/compile/FW3TEST i386
>Description:
This is really similar to kern/61685. When ipnat and dummynet are configured on the same interface on output, the packet coming out of dummynet goes through ipnat a second time. If the dummynet ipfw rule is replaced by a simple pass rule, everything works correctly.
>How-To-Repeat:
Configure ipnat and dummynet on the same output interface for the same packets going out. Try to send a packet that matches those rules, and notice that you cannot establish a connection. Then ipnat -l shows that the packet is nat-ed twice. Moreover, if there are some ipf rules that should let the packet pass before the nat rule, but not after nat, ipf blocks the packet coming out of the dummynet (it is already nat-ed, and should go out directly). On the test setup, there are also redirect rules on the input side, and the first attempt (on FreeBSD 4.x) hit the kern/61685 problem :(
>Fix:
In netinet/ip_dummynet.c add around line 454 : switch (pkt->dn_dir) { case DN_TO_IP_OUT: + m->m_flags |= M_SKIP_FIREWALL; (void)ip_output(m, NULL, NULL, pkt->flags, NULL. 
NULL); In netinet/ip_output.c, add around line 660 : if (inet_pfil_hook.ph_busy_count == -1) goto passout; + if (m->m_flags & M_SKIP_FIREWALL) + goto passout;
>Release-Note:
>Audit-Trail:
>Unformatted:
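Review bot: In the netinet/ip_dummynet.c change, `m->m_flags |= M_SKIP_FIREWALL;` is set only under `case DN_TO_IP_OUT:` and is never cleared afterwards, so the mark stays on the mbuf for as long as it lives. Please add a comment saying why the packet must not be filtered again, and say whether the other `pkt->dn_dir` cases need the same treatment, since the report mentions redirect rules on the input side and kern/61685. Separately, the context line reads `pkt->flags, NULL. NULL);` with a period where a comma is expected, so the call will not compile as posted.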
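Review bot: In the netinet/ip_output.c change, the new `if (m->m_flags & M_SKIP_FIREWALL) goto passout;` skips the hooks for any mbuf that carries the flag, not only for packets released by dummynet, so every filter rule on the output path is bypassed along with the second ipnat pass. This is a filtering bypass keyed on a single mbuf flag: document next to the test which code paths are allowed to set it, and consider clearing the flag just before the `goto passout;` so a packet that re-enters ip_output later is filtered normally.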
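A simplified user-space model of the output path described under >Description and >How-To-Repeat, added here as an illustration; it is not FreeBSD kernel code and not the submitter's code. The hook order, the addresses, the flag value and every function name are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#define M_SKIP_FIREWALL 0x1     /* stand-in value for this model only */
#define INSIDE  0xC0A80002u     /* 192.168.0.2, constructed sample */
#define OUTSIDE 0xC6336401u     /* 198.51.100.1, constructed sample */

struct pkt { uint32_t src; int flags, nat_passes, in_pipe, sent; };
static int use_fix, strict_filter;  /* 1 = flag fix on; 1 = strict rule on */
static void model_ip_output(struct pkt *p);

/* ipf stand-in: the strict rule passes only untranslated sources. */
static int filter_pass(const struct pkt *p) { return !strict_filter || p->src == INSIDE; }
/* ipnat stand-in: rewrite the source and count every pass. */
static void nat_hook(struct pkt *p) { p->src = OUTSIDE; p->nat_passes++; }

/* ipfw pipe rule plus dummynet stand-in: queue once, then re-inject. */
static int pipe_hook(struct pkt *p)
{
    if (p->in_pipe) return 0;               /* already shaped: keep going */
    p->in_pipe = 1;
    if (use_fix) p->flags |= M_SKIP_FIREWALL;   /* flag proposed under >Fix: */
    model_ip_output(p);                     /* DN_TO_IP_OUT re-injection */
    return 1;                               /* original call ends here */
}

static void model_ip_output(struct pkt *p)
{
    if (!(p->flags & M_SKIP_FIREWALL)) {    /* flagged packets skip the hooks */
        if (!filter_pass(p)) return;        /* blocked by the filter */
        nat_hook(p);
        if (pipe_hook(p)) return;           /* consumed by the pipe */
    }
    p->sent = 1;                            /* "passout": goes to the wire */
}

struct pkt run_model(int fix, int strict)
{
    struct pkt p = { INSIDE, 0, 0, 0, 0 };
    use_fix = fix; strict_filter = strict;
    model_ip_output(&p);
    return p;
}

int main(void)
{
    for (int i = 0; i < 4; i++) {
        struct pkt r = run_model(i >> 1, i & 1);
        printf("fix=%d strict=%d nat_passes=%d sent=%d\n", i >> 1, i & 1, r.nat_passes, r.sent);
    }
    return 0;
}
```

Without the flag the model translates the packet twice, or drops it when the strict filter rule is on; with the flag it is translated once and sent in both cases.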