Re: kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packets

Sat, 04 Jun 2011 06:00:58 -0700 

The following reply was made to PR kern/157239; it has been noted by GNATS.

From: Manuel Kasper <m...@neon1.net>
To: bug-follo...@freebsd.org
Cc: cr...@tzi.de
Subject: Re: kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 
packets
Date: Sat, 4 Jun 2011 14:37:56 +0200

 --Apple-Mail-18-318878430
 Content-Transfer-Encoding: quoted-printable
 Content-Type: text/plain;
        charset=us-ascii
 
 I've been able to reproduce this on a FreeBSD 9.0-CURRENT snapshot dated =
 May 12 as well, but the behavior is a bit different compared to 8.2 with =
 respect to direction and one_pass setting:
 
 FreeBSD 8.2:
 - dummynet on input,  one_pass=3D0: OK
 - dummynet on input,  one_pass=3D1: broken
 - dummynet on output, one_pass=3D0: broken
 - dummynet on output, one_pass=3D1: broken
 
 FreeBSD 9:
 - dummynet on input,  one_pass=3D0: OK
 - dummynet on input,  one_pass=3D1: broken
 - dummynet on output, one_pass=3D0: broken
 - dummynet on output, one_pass=3D1: OK
 
 Also, I believe I've found the cause: ipfw/dummynet code uses =
 SET_HOST_IPLEN on IPv6 packets in two instances, thus inadvertently =
 swapping the next header and hop limit fields in the IPv6 header, =
 causing the "Unknown Extension Header" warnings and dropped packets (or =
 bad packets appearing on the wire if =
 net.inet6.ip6.fw.deny_unknown_exthdrs=3D0).
 
 A patch against 8.2-RELEASE that fixes this issue for me is attached - =
 Jan, could you please verify if this fixes the issue for you too?
 
 - Manuel
 
 --Apple-Mail-18-318878430
 Content-Disposition: attachment;
        filename=dummynet_v6.patch
 Content-Type: application/octet-stream;
        name="dummynet_v6.patch"
 Content-Transfer-Encoding: 7bit
 
 --- sys/netinet/ipfw/ip_dn_io.c.orig   2010-12-28 13:18:46.000000000 +0100
 +++ sys/netinet/ipfw/ip_dn_io.c        2011-06-04 14:35:45.305439000 +0200
 @@ -610,7 +610,6 @@
                        break;
  
                case DIR_OUT | PROTO_IPV6:
 -                      SET_HOST_IPLEN(mtod(m, struct ip *));
                        ip6_output(m, NULL, NULL, IPV6_FORWARDING, NULL, NULL, 
NULL);
                        break;
  #endif
 --- sys/netinet/ipfw/ip_fw_pfil.c.orig 2010-12-21 18:09:25.000000000 +0100
 +++ sys/netinet/ipfw/ip_fw_pfil.c      2011-06-04 14:35:45.305439000 +0200
 @@ -127,7 +127,8 @@
                args.rule = *((struct ipfw_rule_ref *)(tag+1));
                m_tag_delete(*m0, tag);
                if (args.rule.info & IPFW_ONEPASS) {
 -                      SET_HOST_IPLEN(mtod(*m0, struct ip *));
 +                      if (mtod(*m0, struct ip *)->ip_v == 4)
 +                              SET_HOST_IPLEN(mtod(*m0, struct ip *));
                        return 0;
                }
        }
 
 --Apple-Mail-18-318878430--
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Reply via email to