Date: Fri, 9 Oct 2009 21:37:22 +0200
From: Jacques Fourie
To: Julian Elischer
Cc: freebsd-net@freebsd.org
Subject: Re: Route re-calculation in ip_output()

On Fri, Oct 9, 2009 at 5:58 PM, Julian Elischer wrote:
> Jacques Fourie wrote:
>>
>> Hi,
>>
>> I've noticed what I believe to be a bug in ip_output(). The piece of
>> code in question is when the firewall changes the destination address
>> of an outgoing packet and the subsequent re-calculation of the route.
>> The issue should be clear from the attached diff - basically what
>> happens is that for the second route lookup dst can point to
>> ro->ro_rt->rt_gateway instead of &ro->ro_dst. It seems as if this
>> issue is present on 7, 8 and 9?
>
> Is this a problem?
> generally, the aim of a fwd firewall rule is to set the next hop
> (gateway). so this may be what is required..
>
>
>>
>> --- ip_output.c 2009-10-09 10:37:40.537408240 +0200 >> +++ /home/jacques/ip_output.c =A0 2009-10-09 10:43:46.232819440 +0200
>> @@ -521,8 +521,10 @@ >> =A0#endif >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0error =3D netisr_queue(NE= TISR_IP, m); >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0goto done; >> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 } else >> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 } else { >> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dst =3D (struct sockaddr_i= n *)&ro->ro_dst; >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0goto again; =A0 =A0 /* Re= do the routing table lookup. >> */ >> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
>>
>>
>> Regards,
>> Jacques
>

If I understand everything correctly the handling of fwd rules seems to do
exactly what I propose in the patch. See the code starting with
'if (fwd_tag) {' in ip_output.c? As far as I understand it fwd rules do not
change the destination IP address in the mbuf so the patch will not affect
the handling of fwd rules.

Jacques
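
Review bot: The added 'dst = (struct sockaddr_in *)&ro->ro_dst;' in the new else block has no comment saying why dst must be reset before 'goto again'. The reason appears only in the mail text (dst can still point at ro->ro_rt->rt_gateway from the first lookup), so a one-line comment above the assignment would keep it with the code. The hunk also does not show whether the route held in ro->ro_rt is released, or ro->ro_dst refreshed with the rewritten destination, once control reaches 'again'; that is worth confirming in the surrounding code, because the reset only helps if the second lookup keys on the new address. Please also regenerate the diff from the source tree so both file headers carry the same relative path instead of 'ip_output.c' and '/home/jacques/ip_output.c'.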
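
A user-space model of the stale dst pointer described in the message, added here as an illustration; it is not code from ip_output.c or from the patch. The struct and function names are hypothetical, the addresses are constructed, and the assumption that each lookup stores its key through dst belongs to the example, not to the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel structures; only the fields the
 * message mentions are modelled. */
struct addr { uint32_t ip; };
struct rt_model { struct addr rt_gateway; int via_gateway; };
struct route_model { struct addr ro_dst; struct rt_model *ro_rt; };
struct outcome { uint32_t rt1_gateway; uint32_t ro_dst; };

/* One lookup pass. Assumption of this example: the lookup key is stored
 * through dst. When the chosen route uses a gateway, the caller's dst is
 * re-pointed at ro->ro_rt->rt_gateway, as the message describes. */
static struct addr *lookup(struct route_model *ro, struct addr *dst,
                           uint32_t ip_dst, struct rt_model *rt)
{
    dst->ip = ip_dst;
    ro->ro_rt = rt;
    return rt->via_gateway ? &rt->rt_gateway : dst;
}

/* Two passes with a destination rewrite in between ("goto again").
 * reset_dst = 1 applies the assignment the patch adds. */
struct outcome redo_lookup(int reset_dst)
{
    struct rt_model rt1 = { { 0x0a000001 }, 1 };   /* via 10.0.0.1 (constructed) */
    struct rt_model rt2 = { { 0 }, 0 };            /* directly connected */
    struct route_model ro = { { 0 }, NULL };
    struct addr *dst = &ro.ro_dst;

    dst = lookup(&ro, dst, 0xc0a80105, &rt1);      /* 192.168.1.5 */
    if (reset_dst)
        dst = &ro.ro_dst;                          /* patched behaviour */
    (void)lookup(&ro, dst, 0xac100009, &rt2);      /* rewritten to 172.16.0.9 */

    return (struct outcome){ rt1.rt_gateway.ip, ro.ro_dst.ip };
}

int main(void)
{
    struct outcome a = redo_lookup(0), b = redo_lookup(1);
    printf("unpatched: rt1 gateway %08x, ro_dst %08x\n",
           (unsigned)a.rt1_gateway, (unsigned)a.ro_dst);
    printf("patched:   rt1 gateway %08x, ro_dst %08x\n",
           (unsigned)b.rt1_gateway, (unsigned)b.ro_dst);
    return 0;
}
```

Without the reset, the rewritten destination lands in the first route's gateway slot and ro_dst keeps the old address; with the reset, the gateway is untouched and ro_dst holds the new destination.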