DragonFly BSD
DragonFly bugs List (threaded) for 2005-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: IPFW2 layer2 filtering broken - PATCH


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 24 Jan 2005 09:50:05 -0800 (PST)

:Hello,
:
:I've been experiencing a problem in that all incoming packets are being 
:dropped when IPFW2 and sysctl net.link.ether.ipfw=1 are enabled. I've 
:traced the problem to /usr/src/sys/net/if_ethersubr.c and think I've 
:solved the problem (8Gb of file copying over wi0 without issues). Could 
:somebody who understands this better than me take a look?
:
:I narrowed the problem to the following section and compared it to the 
:FreeBSD 4-STABLE sources.
:
:
:
:diff -ruN if_ethersubr.c if_ethersubr.c.new
:--- if_ethersubr.c      2005-01-06 09:14:13.000000000 +0000
:+++ if_ethersubr.c.new  2005-01-23 21:52:33.000000000 +0000
:@@ -677,10 +677,10 @@
:  post_stats:
:         if (IPFW_LOADED && ether_ipfw != 0) {
:                 if (!ether_ipfw_chk(&m, NULL, &rule, eh, FALSE)) {
:-                       m_freem(m);
:+                       if (m != NULL)
:+                               m_freem(m);
:                         return;
:                 }
:-               eh = mtod(m, struct ether_header *);
:         }
:
:         ether_type = ntohs(eh->ether_type);
:
:
:
:There is also another section that calls ether_ipfw_chk() where there is 
:a second "eh = mtod(m, struct ether_header *);" (Line 405) not present 
:in the FreeBSD code. Removing it seems to have no effect.
:
:Regards
:
:G.Allan

    Well, our m_freem() allows m to be NULL so the NULL check is not
    necessary.

    From my read of the code, the 'eh = mtod(...)' is necessary, but 
    most of the time the returned 'm' will be the same as the passed 'm'
    so I am not surprised that you did not see any difference.

    Your email wasn't quite clear on the point... what change did you make
    which seemed to fix the problem for you?  It couldn't be the m_freem()
    change and you seem to indicate that it wasn't the 'eh = mtod...'
    change either.

					-Matt
					Matthew Dillon 
					<dillon@xxxxxxxxxxxxx>



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]