From owner-freebsd-ipfw@FreeBSD.ORG Fri Feb 25 17:40:03 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A0F2D1065694 for ; Fri, 25 Feb 2011 17:40:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 6FDAC8FC15 for ; Fri, 25 Feb 2011 17:40:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p1PHe3Q1025043 for ; Fri, 25 Feb 2011 17:40:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p1PHe3Ca025042; Fri, 25 Feb 2011 17:40:03 GMT (envelope-from gnats) Date: Fri, 25 Feb 2011 17:40:03 GMT Message-Id: <201102251740.p1PHe3Ca025042@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Sergey Matveychuk Cc: Subject: Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Sergey Matveychuk List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Feb 2011 17:40:03 -0000 The following reply was made to PR kern/128260; it has been noted by GNATS. From: Sergey Matveychuk To: bug-followup@FreeBSD.org, dan@obluda.cz Cc: Julian Elischer Subject: Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets Date: Fri, 25 Feb 2011 20:14:50 +0300 This is a multi-part message in MIME format. --------------080106090909020900000003 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Here is my patch for IPv6 divert. It works for me, but it should be reviewed and may be improved. I've touched nd6.c to prevent looping packet to local address (loopback). Any questions are welcome. --------------080106090909020900000003 Content-Type: text/plain; name="divert-ipv6.diff.txt" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="divert-ipv6.diff.txt" LS0tIHN5cy9uZXRpbmV0L2lwZncvaXBfZndfcGZpbC5jLm9yaWcJMjAxMS0wMi0yNSAxNzo0 OToxNS4wMDAwMDAwMDAgKzAzMDAKKysrIHN5cy9uZXRpbmV0L2lwZncvaXBfZndfcGZpbC5j CTIwMTEtMDItMjUgMTc6NDk6MjcuMDAwMDAwMDAwICswMzAwCkBAIC0yODksNyArMjg5LDcg QEAKIAkgKiB3ZSBjYW4gZG8gaXQgYmVmb3JlIGEgJ3RlZScuCiAJICovCiAJaXAgPSBtdG9k KGNsb25lLCBzdHJ1Y3QgaXAgKik7Ci0JaWYgKCF0ZWUgJiYgbnRvaHMoaXAtPmlwX29mZikg JiAoSVBfTUYgfCBJUF9PRkZNQVNLKSkgeworCWlmIChpcC0+aXBfdiA9PSA0ICYmICF0ZWUg JiYgbnRvaHMoaXAtPmlwX29mZikgJiAoSVBfTUYgfCBJUF9PRkZNQVNLKSkgewogCQlpbnQg aGxlbjsKIAkJc3RydWN0IG1idWYgKnJlYXNzOwogCi0tLSBzeXMvbmV0aW5ldC9pcF9kaXZl cnQuYy5vcmlnCTIwMTEtMDItMjUgMTc6NDk6MDQuMDAwMDAwMDAwICswMzAwCisrKyBzeXMv bmV0aW5ldC9pcF9kaXZlcnQuYwkyMDExLTAyLTI1IDE3OjQ5OjM2LjAwMDAwMDAwMCArMDMw MApAQCAtNjksNiArNjksOCBAQAogI2luY2x1ZGUgPG5ldGluZXQvaW5fdmFyLmg+CiAjaW5j bHVkZSA8bmV0aW5ldC9pcC5oPgogI2luY2x1ZGUgPG5ldGluZXQvaXBfdmFyLmg+CisjaW5j bHVkZSA8bmV0aW5ldC9pcDYuaD4KKyNpbmNsdWRlIDxuZXRpbmV0Ni9pcDZfdmFyLmg+CiAj aWZkZWYgU0NUUAogI2luY2x1ZGUgPG5ldGluZXQvc2N0cF9jcmMzMi5oPgogI2VuZGlmCkBA IC0zODksNzEgKzM5MSw3OCBAQAogCS8qIFJlaW5qZWN0IHBhY2tldCBpbnRvIHRoZSBzeXN0 ZW0gYXMgaW5jb21pbmcgb3Igb3V0Z29pbmcgKi8KIAlpZiAoIXNpbiB8fCBzaW4tPnNpbl9h ZGRyLnNfYWRkciA9PSAwKSB7CiAJCXN0cnVjdCBpcCAqY29uc3QgaXAgPSBtdG9kKG0sIHN0 cnVjdCBpcCAqKTsKKyNpZmRlZiBJTkVUNgorCQlzdHJ1Y3QgaXA2X2hkciAqY29uc3QgaXA2 ID0gbXRvZChtLCBzdHJ1Y3QgaXA2X2hkciAqKTsKKyNlbmRpZgogCQlzdHJ1Y3QgaW5wY2Ig KmlucDsKIAogCQlkdC0+aW5mbyB8PSBJUEZXX0lTX0RJVkVSVCB8IElQRldfSU5GT19PVVQ7 CiAJCWlucCA9IHNvdG9pbnBjYihzbyk7CiAJCUlOUF9STE9DSyhpbnApOwotCQkvKgotCQkg KiBEb24ndCBhbGxvdyBib3RoIHVzZXIgc3BlY2lmaWVkIGFuZCBzZXRzb2Nrb3B0IG9wdGlv bnMsCi0JCSAqIGFuZCBkb24ndCBhbGxvdyBwYWNrZXQgbGVuZ3RoIHNpemVzIHRoYXQgd2ls bCBjcmFzaAotCQkgKi8KLQkJaWYgKCgoaXAtPmlwX2hsICE9IChzaXplb2YgKCppcCkgPj4g MikpICYmIGlucC0+aW5wX29wdGlvbnMpIHx8Ci0JCSAgICAgKCh1X3Nob3J0KW50b2hzKGlw LT5pcF9sZW4pID4gbS0+bV9wa3RoZHIubGVuKSkgewotCQkJZXJyb3IgPSBFSU5WQUw7Ci0J CQlJTlBfUlVOTE9DSyhpbnApOwotCQkJbV9mcmVlbShtKTsKLQkJfSBlbHNlIHsKKworCQlp ZihpcC0+aXBfdiA9PSA0KSB7CiAJCQkvKiBDb252ZXJ0IGZpZWxkcyB0byBob3N0IG9yZGVy IGZvciBpcF9vdXRwdXQoKSAqLwogCQkJaXAtPmlwX2xlbiA9IG50b2hzKGlwLT5pcF9sZW4p OwogCQkJaXAtPmlwX29mZiA9IG50b2hzKGlwLT5pcF9vZmYpOworCQl9CisjaWZkZWYgSU5F VDYJCQorCQllbHNlCisJCQlpcDYtPmlwNl9wbGVuID0gbnRvaHMoaXA2LT5pcDZfcGxlbik7 CisjZW5kaWYKIAotCQkJLyogU2VuZCBwYWNrZXQgdG8gb3V0cHV0IHByb2Nlc3NpbmcgKi8K LQkJCUtNT0RfSVBTVEFUX0lOQyhpcHNfcmF3b3V0KTsJCS8qIFhYWCAqLworCQkvKiBTZW5k IHBhY2tldCB0byBvdXRwdXQgcHJvY2Vzc2luZyAqLworCQlLTU9EX0lQU1RBVF9JTkMoaXBz X3Jhd291dCk7CQkvKiBYWFggKi8KIAogI2lmZGVmIE1BQwotCQkJbWFjX2lucGNiX2NyZWF0 ZV9tYnVmKGlucCwgbSk7CisJCW1hY19pbnBjYl9jcmVhdGVfbWJ1ZihpbnAsIG0pOwogI2Vu ZGlmCi0JCQkvKgotCQkJICogR2V0IHJlYWR5IHRvIGluamVjdCB0aGUgcGFja2V0IGludG8g aXBfb3V0cHV0KCkuCi0JCQkgKiBKdXN0IGluIGNhc2Ugc29ja2V0IG9wdGlvbnMgd2VyZSBz cGVjaWZpZWQgb24gdGhlCi0JCQkgKiBkaXZlcnQgc29ja2V0LCB3ZSBkdXBsaWNhdGUgdGhl bS4gIFRoaXMgaXMgZG9uZQotCQkJICogdG8gYXZvaWQgaGF2aW5nIHRvIGhvbGQgdGhlIFBD QiBsb2NrcyBvdmVyIHRoZSBjYWxsCi0JCQkgKiB0byBpcF9vdXRwdXQoKSwgYXMgZG9pbmcg dGhpcyByZXN1bHRzIGluIGEgbnVtYmVyIG9mCi0JCQkgKiBsb2NrIG9yZGVyaW5nIGNvbXBs ZXhpdGllcy4KLQkJCSAqCi0JCQkgKiBOb3RlIHRoYXQgd2Ugc2V0IHRoZSBtdWx0aWNhc3Qg b3B0aW9ucyBhcmd1bWVudCBmb3IKLQkJCSAqIGlwX291dHB1dCgpIHRvIE5VTEwgc2luY2Ug aXQgc2hvdWxkIGJlIGludmFyaWFudCB0aGF0Ci0JCQkgKiB0aGV5IGFyZSBub3QgcHJlc2Vu dC4KLQkJCSAqLwotCQkJS0FTU0VSVChpbnAtPmlucF9tb3B0aW9ucyA9PSBOVUxMLAotCQkJ ICAgICgibXVsdGljYXN0IG9wdGlvbnMgc2V0IG9uIGEgZGl2ZXJ0IHNvY2tldCIpKTsKLQkJ CW9wdGlvbnMgPSBOVUxMOwotCQkJLyoKLQkJCSAqIFhYWENTSlA6IEl0IGlzIHVuY2xlYXIg dG8gbWUgd2hldGhlciBvciBub3QgaXQgbWFrZXMKLQkJCSAqIHNlbnNlIGZvciBkaXZlcnQg c29ja2V0cyB0byBoYXZlIG9wdGlvbnMuICBIb3dldmVyLAotCQkJICogZm9yIG5vdyB3ZSB3 aWxsIGR1cGxpY2F0ZSB0aGVtIHdpdGggdGhlIElOUCBsb2NrcwotCQkJICogaGVsZCBzbyB3 ZSBjYW4gdXNlIHRoZW0gaW4gaXBfb3V0cHV0KCkgd2l0aG91dAotCQkJICogcmVxdXJpbmcg YSByZWZlcmVuY2UgdG8gdGhlIHBjYi4KLQkJCSAqLwotCQkJaWYgKGlucC0+aW5wX29wdGlv bnMgIT0gTlVMTCkgewotCQkJCW9wdGlvbnMgPSBtX2R1cChpbnAtPmlucF9vcHRpb25zLCBN X0RPTlRXQUlUKTsKLQkJCQlpZiAob3B0aW9ucyA9PSBOVUxMKQotCQkJCQllcnJvciA9IEVO T0JVRlM7Ci0JCQl9Ci0JCQlJTlBfUlVOTE9DSyhpbnApOwotCQkJaWYgKGVycm9yID09IEVO T0JVRlMpIHsKLQkJCQltX2ZyZWVtKG0pOwotCQkJCXJldHVybiAoZXJyb3IpOwotCQkJfQot CQkJZXJyb3IgPSBpcF9vdXRwdXQobSwgb3B0aW9ucywgTlVMTCwKLQkJCSAgICAoKHNvLT5z b19vcHRpb25zICYgU09fRE9OVFJPVVRFKSA/Ci0JCQkgICAgSVBfUk9VVEVUT0lGIDogMCkg fCBJUF9BTExPV0JST0FEQ0FTVCB8Ci0JCQkgICAgSVBfUkFXT1VUUFVULCBOVUxMLCBOVUxM KTsKLQkJCWlmIChvcHRpb25zICE9IE5VTEwpCi0JCQkJbV9mcmVlbShvcHRpb25zKTsKKwkJ LyoKKwkJICogR2V0IHJlYWR5IHRvIGluamVjdCB0aGUgcGFja2V0IGludG8gaXBfb3V0cHV0 KCkuCisJCSAqIEp1c3QgaW4gY2FzZSBzb2NrZXQgb3B0aW9ucyB3ZXJlIHNwZWNpZmllZCBv biB0aGUKKwkJICogZGl2ZXJ0IHNvY2tldCwgd2UgZHVwbGljYXRlIHRoZW0uICBUaGlzIGlz IGRvbmUKKwkJICogdG8gYXZvaWQgaGF2aW5nIHRvIGhvbGQgdGhlIFBDQiBsb2NrcyBvdmVy IHRoZSBjYWxsCisJCSAqIHRvIGlwX291dHB1dCgpLCBhcyBkb2luZyB0aGlzIHJlc3VsdHMg aW4gYSBudW1iZXIgb2YKKwkJICogbG9jayBvcmRlcmluZyBjb21wbGV4aXRpZXMuCisJCSAq CisJCSAqIE5vdGUgdGhhdCB3ZSBzZXQgdGhlIG11bHRpY2FzdCBvcHRpb25zIGFyZ3VtZW50 IGZvcgorCQkgKiBpcF9vdXRwdXQoKSB0byBOVUxMIHNpbmNlIGl0IHNob3VsZCBiZSBpbnZh cmlhbnQgdGhhdAorCQkgKiB0aGV5IGFyZSBub3QgcHJlc2VudC4KKwkJICovCisJCUtBU1NF UlQoaW5wLT5pbnBfbW9wdGlvbnMgPT0gTlVMTCwKKwkJICAgICgibXVsdGljYXN0IG9wdGlv bnMgc2V0IG9uIGEgZGl2ZXJ0IHNvY2tldCIpKTsKKwkJb3B0aW9ucyA9IE5VTEw7CisJCS8q CisJCSAqIFhYWENTSlA6IEl0IGlzIHVuY2xlYXIgdG8gbWUgd2hldGhlciBvciBub3QgaXQg bWFrZXMKKwkJICogc2Vuc2UgZm9yIGRpdmVydCBzb2NrZXRzIHRvIGhhdmUgb3B0aW9ucy4g IEhvd2V2ZXIsCisJCSAqIGZvciBub3cgd2Ugd2lsbCBkdXBsaWNhdGUgdGhlbSB3aXRoIHRo ZSBJTlAgbG9ja3MKKwkJICogaGVsZCBzbyB3ZSBjYW4gdXNlIHRoZW0gaW4gaXBfb3V0cHV0 KCkgd2l0aG91dAorCQkgKiByZXF1cmluZyBhIHJlZmVyZW5jZSB0byB0aGUgcGNiLgorCQkg Ki8KKwkJaWYgKGlucC0+aW5wX29wdGlvbnMgIT0gTlVMTCkgeworCQkJb3B0aW9ucyA9IG1f ZHVwKGlucC0+aW5wX29wdGlvbnMsIE1fRE9OVFdBSVQpOworCQkJaWYgKG9wdGlvbnMgPT0g TlVMTCkKKwkJCQllcnJvciA9IEVOT0JVRlM7CiAJCX0KKwkJSU5QX1JVTkxPQ0soaW5wKTsK KwkJaWYgKGVycm9yID09IEVOT0JVRlMpIHsKKwkJCW1fZnJlZW0obSk7CisJCQlyZXR1cm4g KGVycm9yKTsKKwkJfQorCQlpZihpcC0+aXBfdiA9PSA0KQorCQkgICAgZXJyb3IgPSBpcF9v dXRwdXQobSwgb3B0aW9ucywgTlVMTCwKKwkJCSgoc28tPnNvX29wdGlvbnMgJiBTT19ET05U Uk9VVEUpID8KKwkJCUlQX1JPVVRFVE9JRiA6IDApIHwgSVBfQUxMT1dCUk9BRENBU1QgfAor CQkJSVBfUkFXT1VUUFVULCBOVUxMLCBOVUxMKTsKKyNpZmRlZiBJTkVUNgorCQllbHNlCisJ CSAgICBlcnJvciA9IGlwNl9vdXRwdXQobSwgTlVMTCwgTlVMTCwgMCwgCisJCQlOVUxMLCBO VUxMLCBOVUxMKTsKKyNlbmRpZgorCQlpZiAob3B0aW9ucyAhPSBOVUxMKQorCQkJbV9mcmVl bShvcHRpb25zKTsKIAl9IGVsc2UgeworCQlzdHJ1Y3QgaXAgKmNvbnN0IGlwID0gbXRvZCht LCBzdHJ1Y3QgaXAgKik7CisKIAkJZHQtPmluZm8gfD0gSVBGV19JU19ESVZFUlQgfCBJUEZX X0lORk9fSU47CiAJCWlmIChtLT5tX3BrdGhkci5yY3ZpZiA9PSBOVUxMKSB7CiAJCQkvKgpA QCAtNDc3LDcgKzQ4NiwxMiBAQAogCQltYWNfc29ja2V0X2NyZWF0ZV9tYnVmKHNvLCBtKTsK ICNlbmRpZgogCQkvKiBTZW5kIHBhY2tldCB0byBpbnB1dCBwcm9jZXNzaW5nIHZpYSBuZXRp c3IgKi8KLQkJbmV0aXNyX3F1ZXVlX3NyYyhORVRJU1JfSVAsICh1aW50cHRyX3Qpc28sIG0p OworCQlpZihpcC0+aXBfdiA9PSA0KQorCQkgICAgbmV0aXNyX3F1ZXVlX3NyYyhORVRJU1Jf SVAsICh1aW50cHRyX3Qpc28sIG0pOworI2lmZGVmIElORVQ2CisJCWVsc2UKKwkJICAgIG5l dGlzcl9xdWV1ZV9zcmMoTkVUSVNSX0lQVjYsICh1aW50cHRyX3Qpc28sIG0pOworI2VuZGlm CiAJfQogCiAJcmV0dXJuIGVycm9yOwotLS0gc3lzL25ldGluZXQ2L25kNi5jLm9yaWcJMjAx MS0wMi0yNSAxNzo0ODo1NC4wMDAwMDAwMDAgKzAzMDAKKysrIHN5cy9uZXRpbmV0Ni9uZDYu YwkyMDExLTAyLTI1IDE3OjQ5OjUxLjAwMDAwMDAwMCArMDMwMApAQCAtMTkyOCwxMCArMTky OCw2IEBACiAJCX0KIAkJcmV0dXJuIChlcnJvcik7CiAJfQotCWlmICgoaWZwLT5pZl9mbGFn cyAmIElGRl9MT09QQkFDSykgIT0gMCkgewotCQlyZXR1cm4gKCgqaWZwLT5pZl9vdXRwdXQp KG9yaWdpZnAsIG0sIChzdHJ1Y3Qgc29ja2FkZHIgKilkc3QsCi0JCSAgICBOVUxMKSk7Ci0J fQogCWVycm9yID0gKCppZnAtPmlmX291dHB1dCkoaWZwLCBtLCAoc3RydWN0IHNvY2thZGRy ICopZHN0LCBOVUxMKTsKIAlyZXR1cm4gKGVycm9yKTsKIAo= --------------080106090909020900000003--