DragonFly bugs List (threaded) for 2005-01
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: IPFW2 layer2 filtering broken - PATCH

From:	Jeffrey Hsu <hsu@xxxxxxxxxxx>
Date:	Mon, 24 Jan 2005 11:12:11 -0800

Joerg Sonnenberger wrote:

On Mon, Jan 24, 2005 at 09:50:05AM -0800, Matthew Dillon wrote:

From my read of the code, the 'eh = mtod(...)' is necessary, but most of the time the returned 'm' will be the same as the passed 'm' so I am not surprised that you did not see any difference.
The eh = mtod() is necessary, because the ether header might not actually be
part of the passed in header. Because ether_ifpw_chk changes that by
prepending the header, it is necessary to update the pointer in the caller.


This is an interface problem.  When ether_ipfw_chk() does not modify the
mbuf, the recomputed eh pointer is incorrect because the mbuf has already
been adjusted.  An ugly workaround is something like

       if (IPFW_LOADED && ether_ipfw != 0) {
+               struct mbuf *n = m;
+
               if (!ether_ipfw_chk(&m, NULL, &rule, eh, FALSE)) {
                       m_freem(m);
                       return;
               }
-               eh = mtod(m, struct ether_header *);
+               if (m != n)
+                       eh = mtod(m, struct ether_header *);
       }

Alternatively, we could change the 4th parameter to ether_ipfw_chk()
to &eh and update it inside ether_ipfw_chk().

Follow-Ups:
- Re: IPFW2 layer2 filtering broken - PATCH
  - From: Joerg Sonnenberger

References:
- IPFW2 layer2 support broken.
  - From: Gary Allan
- Re: IPFW2 layer2 support broken.
  - From: Daimao
- Re: IPFW2 layer2 support broken.
  - From: Gary Allan
- IPFW2 layer2 filtering broken - PATCH
  - From: Gary Allan
- Re: IPFW2 layer2 filtering broken - PATCH
  - From: Matthew Dillon
- Re: IPFW2 layer2 filtering broken - PATCH
  - From: Joerg Sonnenberger

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]