Site Navigation

Date:      Mon, 6 Jul 1998 01:34:43 -0700 (PDT)
From:      Julian Elischer <julian@whistle.com>
To:        Akihiko Hayashi <hayashi@totalware.gifu.gifu.jp>
Cc:        freebsd-stable@FreeBSD.ORG, Enoch Ceshkovsky <Shadey@home.com>, Matt Wilbur <matt@marshotel.coapt.com>
Subject:   Re: Natd/LibAlias/IPDivert problems
Message-ID:  <Pine.BSF.3.95.980706013201.11949F-100000@current1.whistle.com>
In-Reply-To: <199807060821.RAA09806@ns.totalware.gifu.gifu.jp>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

please try the following patch (or get the commits I just did).

Index: ip_divert.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_divert.c,v
retrieving revision 1.1.2.10
diff -c -r1.1.2.10 ip_divert.c
*** ip_divert.c	1998/07/01 01:38:34	1.1.2.10
--- ip_divert.c	1998/07/06 08:28:21
***************
*** 156,174 ****
  	}
  	ip = mtod(m, struct ip *);
  
! 	/* Record divert port */
! #ifndef IPFW_DIVERT_RESTART
! 	divsrc.sin_port = htons(ip_divert_port);
! #else
  	divsrc.sin_port = ip_divert_cookie;
! #endif /* IPFW_DIVERT_RESTART */
  
  	/* Restore packet header fields */
  	ip->ip_len += hlen;
  	HTONS(ip->ip_len);
  	HTONS(ip->ip_off);
  
! 	/* Record receive interface address, if any */
  	divsrc.sin_addr.s_addr = 0;
  	if (hlen) {
  		struct ifaddr *ifa;
--- 156,174 ----
  	}
  	ip = mtod(m, struct ip *);
  
! 	/* Record divert cookie */
  	divsrc.sin_port = ip_divert_cookie;
! 	ip_divert_cookie = 0;
  
  	/* Restore packet header fields */
  	ip->ip_len += hlen;
  	HTONS(ip->ip_len);
  	HTONS(ip->ip_off);
  
! 	/*
! 	 * Record receive interface address, if any 
! 	 * But only for incoming packets.
! 	 */
  	divsrc.sin_addr.s_addr = 0;
  	if (hlen) {
  		struct ifaddr *ifa;
***************
*** 194,199 ****
--- 194,202 ----
  			break;
  		}
  	}
+ 	/*
+ 	 * Record the incoming interface name whenever we have one.
+ 	 */
  	if (m->m_pkthdr.rcvif) {
  		char	name[32];
  		
***************
*** 226,231 ****
--- 229,235 ----
  		if (inp->inp_lport == htons(ip_divert_port))
  			sa = inp->inp_socket;
  	}
+ 	ip_divert_port = 0;
  	if (sa) {
  		if (sbappendaddr(&sa->so_rcv, (struct sockaddr *)&divsrc,
  				m, (struct mbuf *)0) == 0)
***************
*** 267,277 ****
  
  	/* Loopback avoidance */
  	if (sin) {
- #ifndef IPFW_DIVERT_RESTART
- 		ip_divert_cookie = ntohs(sin->sin_port);
- #else
  		ip_divert_cookie = sin->sin_port;
- #endif /* IPFW_DIVERT_RESTART */
  	} else {
  		ip_divert_cookie = 0;
  	}
--- 271,277 ----
Index: ip_fw.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v
retrieving revision 1.51.2.15
diff -c -r1.51.2.15 ip_fw.c
*** ip_fw.c	1998/07/01 01:38:35	1.51.2.15
--- ip_fw.c	1998/07/06 08:28:24
***************
*** 399,407 ****
  #ifdef	IPFW_DIVERT_RESTART
  	u_int16_t skipto = *cookie;
  #else
! 	u_int16_t ignport = *cookie;
  #endif
  
  	/*
  	 * Go down the chain, looking for enlightment
  	 * #ifdef IPFW_DIVERT_RESTART
--- 399,408 ----
  #ifdef	IPFW_DIVERT_RESTART
  	u_int16_t skipto = *cookie;
  #else
! 	u_int16_t ignport = ntohs(*cookie);
  #endif
  
+ 	*cookie = 0;
  	/*
  	 * Go down the chain, looking for enlightment
  	 * #ifdef IPFW_DIVERT_RESTART
***************
*** 601,607 ****
  #ifdef IPFW_DIVERT_RESTART
  			*cookie = f->fw_number;
  #else
! 			*cookie = f->fw_divert_port;
  #endif /* IPFW_DIVERT_RESTART */
  			return(f->fw_divert_port);
  		case IP_FW_F_TEE:
--- 602,608 ----
  #ifdef IPFW_DIVERT_RESTART
  			*cookie = f->fw_number;
  #else
! 			*cookie = htons(f->fw_divert_port);
  #endif /* IPFW_DIVERT_RESTART */
  			return(f->fw_divert_port);
  		case IP_FW_F_TEE:
Index: ip_input.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_input.c,v
retrieving revision 1.50.2.16
diff -c -r1.50.2.16 ip_input.c
*** ip_input.c	1998/07/01 01:38:36	1.50.2.16
--- ip_input.c	1998/07/06 08:28:30
***************
*** 332,349 ****
  
  #ifdef COMPAT_IPFW
  	if (ip_fw_chk_ptr) {
- #ifdef IPDIVERT
  		u_short port;
  
  		port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, &ip_divert_cookie, &m);
  		if (port) {			/* Divert packet */
  			frag_divert_port = port;
  			goto ours;
  		}
  #else
- 		u_int16_t	dummy	= 0;
  		/* If ipfw says divert, we have to just drop packet */
! 		if ((*ip_fw_chk_ptr)(&ip, hlen, NULL, &dummy, &m)) {
  			m_freem(m);
  			m = NULL;
  		}
--- 332,350 ----
  
  #ifdef COMPAT_IPFW
  	if (ip_fw_chk_ptr) {
  		u_short port;
  
+ #ifdef IPDIVERT
  		port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, &ip_divert_cookie, &m);
  		if (port) {			/* Divert packet */
  			frag_divert_port = port;
  			goto ours;
  		}
  #else
  		/* If ipfw says divert, we have to just drop packet */
! 		/* use port as a dummy argument */
! 		port = 0;
! 		if ((*ip_fw_chk_ptr)(&ip, hlen, NULL, &port, &m)) {
  			m_freem(m);
  			m = NULL;
  		}
***************
*** 552,557 ****
--- 553,560 ----
  #ifdef IPDIVERT
  	/*
  	 * Divert reassembled packets to the divert protocol if required
+ 	 * If divert port is null then cookie should be too,
+ 	 * so we shouldn't need to clear them here. Assume ip_divert does so.
  	 */
  	if (frag_divert_port) {
  		ipstat.ips_delivered++;
***************
*** 566,577 ****
  		ipstat.ips_noproto++;
  		goto bad;
  	}
- 
- 	/* Don't let packets divert themselves */
- 	if (ip->ip_p == IPPROTO_DIVERT) {
- 		ipstat.ips_noproto++;
- 		goto bad;
- 	}
  #endif
  
  	/*
--- 569,574 ----
***************
*** 704,715 ****
  	/*
  	 * Any fragment diverting causes the whole packet to divert
  	 */
! 	if (frag_divert_port != 0) {
! 		fp->ipq_divert = frag_divert_port;
  #ifdef IPFW_DIVERT_RESTART
! 		fp->ipq_div_cookie = ip_divert_cookie;
  #endif /* IPFW_DIVERT_RESTART */
- 	}
  	frag_divert_port = 0;
  	ip_divert_cookie = 0;
  #endif
--- 701,710 ----
  	/*
  	 * Any fragment diverting causes the whole packet to divert
  	 */
! 	fp->ipq_divert = frag_divert_port;
  #ifdef IPFW_DIVERT_RESTART
! 	fp->ipq_div_cookie = ip_divert_cookie;
  #endif /* IPFW_DIVERT_RESTART */
  	frag_divert_port = 0;
  	ip_divert_cookie = 0;
  #endif
***************
*** 790,795 ****
--- 785,794 ----
  	return ((struct ip *)ip);
  
  dropfrag:
+ #ifdef IPDIVERT
+ 	frag_divert_port = 0;
+ 	ip_divert_cookie = 0;
+ #endif
  	ipstat.ips_fragdropped++;
  	m_freem(m);
  	return (0);


On Mon, 6 Jul 1998, Akihiko Hayashi wrote:

> At 3:59 PM +0900 7/6/98, Julian Elischer wrote:
> > can you try find the exact set of checkins that produce the instability?
> >
> > the effected files will be:
> >
> > ip_input.c
> > ip_output.c
> > ip_divert.c
> > ip_fw.c
> >
> 
> I get diff $Id of sys/netinet/*
> 
> 98062?-stable revision:
> in.h: $Id: in.h,v 1.22.2.4 1998/02/25 02:34:30 julian Exp $
> ip_divert.c: $Id: ip_divert.c,v 1.1.2.9 1998/06/12 03:02:08 julian Exp $
> ip_fw.c: $Id: ip_fw.c,v 1.51.2.14 1998/06/05 21:38:07 julian Exp $
> ip_input.c: $Id: ip_input.c,v 1.50.2.15 1998/06/05 21:38:09 julian Exp $
> ip_mroute.c: $Id: ip_mroute.c,v 1.34.2.2 1997/07/19 20:09:09 fenner Exp $
> ip_output.c: $Id: ip_output.c,v 1.44.2.8 1998/06/05 21:38:11 julian Exp $
> ip_var.h: $Id: ip_var.h,v 1.24.2.4 1998/06/05 21:38:12 julian Exp $
> 
> lastest-stable revision (in my cvs repository):
> in.h: $Id: in.h,v 1.22.2.5 1998/07/01 01:38:33 julian Exp $
> ip_divert.c: $Id: ip_divert.c,v 1.1.2.10 1998/07/01 01:38:34 julian Exp $
> ip_fw.c: $Id: ip_fw.c,v 1.51.2.15 1998/07/01 01:38:35 julian Exp $
> ip_input.c: $Id: ip_input.c,v 1.50.2.16 1998/07/01 01:38:36 julian Exp $
> ip_mroute.c: $Id: ip_mroute.c,v 1.34.2.3 1998/07/03 07:48:14 jkh Exp $
> ip_output.c: $Id: ip_output.c,v 1.44.2.9 1998/07/01 01:38:37 julian Exp $
> ip_var.h: $Id: ip_var.h,v 1.24.2.5 1998/07/01 01:38:38 julian Exp $
> 
> I found this problem at July 2, then I think that this problem is
> caused by:
> ----- from cvs-all-digest  -----
> > Date: Tue, 30 Jun 1998 18:38:41 -0700 (PDT)
> > From: Julian Elischer <julian@FreeBSD.ORG>
> > Subject: cvs commit: src/sys/netinet in.h ip_divert.c ip_fw.c ip_input.c
> >ip_output.c ip_var.h
> >
> > julian      1998/06/30 18:38:40 PDT
> >
> >   Modified files:        (Branch: RELENG_2_2)
> >     sys/netinet          in.h ip_divert.c ip_fw.c ip_input.c
> >                          ip_output.c ip_var.h
> >   Log:
> >   MFC: merge in some minor cleanups for IP divert
> >
> >   Revision  Changes    Path
> >   1.22.2.5  +3 -2      src/sys/netinet/in.h
> >   1.1.2.10  +10 -29    src/sys/netinet/ip_divert.c
> >   1.51.2.15 +25 -26    src/sys/netinet/ip_fw.c
> >   1.50.2.16 +8 -13     src/sys/netinet/ip_input.c
> >   1.44.2.9  +3 -3      src/sys/netinet/ip_output.c
> >   1.24.2.5  +2 -8      src/sys/netinet/ip_var.h
> ----- from cvs-all-digest  -----
> 
> 
> > >
> > > I backed /usr/src/sys/netinet/* to 98062?, and rebuild kernel,
> > > this problem is not appeared.
> >
> >
> > If you can tell me what '?' is it would help..
> >
> 
> may be 980627... it is not exactly. but, between 98062? and latest-stable,
> revision number is increased only one.
> 
> 
> ----
> hayashi@totalware.gifu.gifu.jp
> 
> 
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.980706013201.11949F-100000>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact