Date:      Fri, 09 Oct 2009 08:58:29 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Jacques Fourie <jacques.fourie@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Route re-calculation in ip_output()
Message-ID:  <4ACF5DA5.6060806@elischer.org>
In-Reply-To: <be2f52430910090146m78db28fbnd57362ab658e0278@mail.gmail.com>
References:  <be2f52430910090146m78db28fbnd57362ab658e0278@mail.gmail.com>

Jacques Fourie wrote:
> Hi,
> 
> I've noticed what I believe to be a bug in ip_output(). The piece of
> code in question is when the firewall changes the destination address
> of an outgoing packet and the subsequent re-calculation of the route.
> The issue should be clear from the attached diff - basically what
> happens is that for the second route lookup dst can point to
> ro->ro_rt->rt_gateway instead of &ro->ro_dst. It seems as if this
> issue is present on 7, 8 and 9?

Is this a problem?
Generally, the aim of a fwd firewall rule is to set the next hop
(gateway), so this may be what is required.


> 	
> --- ip_output.c 2009-10-09 10:37:40.537408240 +0200
> +++ /home/jacques/ip_output.c   2009-10-09 10:43:46.232819440 +0200
> @@ -521,8 +521,10 @@
>  #endif
>                         error = netisr_queue(NETISR_IP, m);
>                         goto done;
> -               } else
> +               } else {
> +                       dst = (struct sockaddr_in *)&ro->ro_dst;
>                         goto again;     /* Redo the routing table lookup. */
> +               }
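Review bot: The added `dst = (struct sockaddr_in *)&ro->ro_dst;` in the new else block has no comment saying why dst has to be reset before `goto again`; per the report, dst can still point at ro->ro_rt->rt_gateway from the first lookup, so state that in a comment above the assignment. The reset is also applied only at this one jump site, and the hunk does not show the `again:` label, so check whether any other path can reach it with a stale dst and, if so, consider doing the reset at the label instead. Given the point raised in the reply, also confirm that a fwd rule that deliberately sets the next hop still reaches the intended gateway once dst is pointed back at ro->ro_dst.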
> 
> 
> Regards,
> Jacques

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ACF5DA5.6060806>