On Thu, Nov 13, 2003 at 12:13:14AM +0100, Andre Oppermann wrote:
> Jesper Skriver wrote:
> >
> > On Sun, Nov 09, 2003 at 05:19:07PM +0100, Andre Oppermann wrote:
> > > Hello all,
> > >
> > > this patch contains three things (to be separated for committing):
> ...
> > > ip_fastforward
> > >
> > > - removes ip_flow forwarding code
> > > - adds full direct process-to-completion IPv4 forwarding code
> > > - handles ip fragmentation incl. hw support (ip_flow did not)
> > > - supports ipfw and ipfilter (ip_flow did not)
> > > - supports divert and ipfw fwd (ip_flow did not)
> > > - drops anything it can't handle back to normal ip_input
> >
> > I have a few comments to this code, see inline, look for #jesper
>
> Answers also inline. [All whitespace bugs are fixed and omitted here]
One comment at the bottom.
> > Apart from that it looks good.
>
> Thanks for reviewing!
>
> > /Jesper
> >
> > > +int
> > > +ip_fastforward(struct mbuf *m)
> > > +{
> ...
> > > +
> > > + /*
> > > + * Only unicast IP, not from loopback, no L2 or IP broadcast,
> > > + * no multicast, no INADDR_ANY
> > > + */
> > > + if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) ||
> > > + (ntohl(ip->ip_src.s_addr) == (u_long)INADDR_BROADCAST) ||
> >
> > #jesper
> > You will never see packets with a multicast source address.
>
> I hope so but we can never be sure. Here we look at what we've got
> straight from the wire. Everything is possible there. I only need
> to craft an apropriate packet...
True, but do we really care if forwarded such a packet ?
And if we want to check, we should just drop it directly instead of
giving the packet to ip_input.
/Jesper
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
