On Mon, Feb 18, 2002 at 12:01:17PM -0500, Michael R. Wayne wrote:
> On Mon, Feb 18, 2002 at 05:49:46AM -0800, Crist J. Clark wrote:
> > What precise version of FreeBSD are you running, BTW?
>
> 4.5 RELEASE, as stated in original message.
Do these patches help?
Index: ip_input.c
===================================================================
RCS file: /export/ncvs/src/sys/netinet/ip_input.c,v
retrieving revision 1.130.2.33
diff -u -r1.130.2.33 ip_input.c
--- ip_input.c 14 Feb 2002 11:19:57 -0000 1.130.2.33
+++ ip_input.c 18 Feb 2002 17:19:24 -0000
@@ -1618,21 +1618,29 @@
int error, type = 0, code = 0;
struct mbuf *mcopy;
n_long dest;
+ struct in_addr pkt_dst;
struct ifnet *destifp;
#ifdef IPSEC
struct ifnet dummyifp;
#endif
dest = 0;
+ /*
+ * Cache the destination address of the packet; this may be
+ * changed by use of 'ipfw fwd'.
+ */
+ pkt_dst = ip_fw_fwd_addr == NULL ?
+ ip->ip_dst : ip_fw_fwd_addr->sin_addr;
+
#ifdef DIAGNOSTIC
if (ipprintfs)
printf("forward: src %lx dst %lx ttl %x\n",
- (u_long)ip->ip_src.s_addr, (u_long)ip->ip_dst.s_addr,
+ (u_long)ip->ip_src.s_addr, (u_long)pkt_dst.s_addr,
ip->ip_ttl);
#endif
- if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) {
+ if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(pkt_dst) == 0) {
ipstat.ips_cantforward++;
m_freem(m);
return;
@@ -1651,14 +1659,14 @@
sin = (struct sockaddr_in *)&ipforward_rt.ro_dst;
if ((rt = ipforward_rt.ro_rt) == 0 ||
- ip->ip_dst.s_addr != sin->sin_addr.s_addr) {
+ pkt_dst.s_addr != sin->sin_addr.s_addr) {
if (ipforward_rt.ro_rt) {
RTFREE(ipforward_rt.ro_rt);
ipforward_rt.ro_rt = 0;
}
sin->sin_family = AF_INET;
sin->sin_len = sizeof(*sin);
- sin->sin_addr = ip->ip_dst;
+ sin->sin_addr = pkt_dst;
rtalloc_ign(&ipforward_rt, RTF_PRCLONING);
if (ipforward_rt.ro_rt == 0) {
@@ -1704,7 +1712,7 @@
if (rt->rt_ifp == m->m_pkthdr.rcvif &&
(rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 &&
satosin(rt_key(rt))->sin_addr.s_addr != 0 &&
- ipsendredirects && !srcrt) {
+ ipsendredirects && !srcrt && !ip_fw_fwd_addr) {
#define RTA(rt) ((struct in_ifaddr *)(rt->rt_ifa))
u_long src = ntohl(ip->ip_src.s_addr);
@@ -1713,7 +1721,7 @@
if (rt->rt_flags & RTF_GATEWAY)
dest = satosin(rt->rt_gateway)->sin_addr.s_addr;
else
- dest = ip->ip_dst.s_addr;
+ dest = pkt_dst.s_addr;
/* Router requirements says to only send host redirects */
type = ICMP_REDIRECT;
code = ICMP_REDIRECT_HOST;
Index: ip_output.c
===================================================================
RCS file: /export/ncvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.99.2.25
diff -u -r1.99.2.25 ip_output.c
--- ip_output.c 1 Feb 2002 10:42:09 -0000 1.99.2.25
+++ ip_output.c 18 Feb 2002 17:12:33 -0000
@@ -128,6 +128,7 @@
struct sockaddr_in *dst;
struct in_ifaddr *ia = NULL;
int isbroadcast, sw_csum;
+ struct in_addr pkt_dst;
#ifdef IPSEC
struct socket *so = NULL;
struct secpolicy *sp = NULL;
@@ -191,6 +192,9 @@
hlen = len;
}
ip = mtod(m, struct ip *);
+ pkt_dst = ip_fw_fwd_addr == NULL
+ ? ip->ip_dst : ip_fw_fwd_addr->sin_addr;
+
/*
* Fill in IP header.
*/
@@ -219,14 +223,14 @@
* and is still up. If not, free it and try again.
*/
if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
- dst->sin_addr.s_addr != ip->ip_dst.s_addr)) {
+ dst->sin_addr.s_addr != pkt_dst.s_addr)) {
RTFREE(ro->ro_rt);
ro->ro_rt = (struct rtentry *)0;
}
if (ro->ro_rt == 0) {
dst->sin_family = AF_INET;
dst->sin_len = sizeof(*dst);
- dst->sin_addr = ip->ip_dst;
+ dst->sin_addr = pkt_dst;
}
/*
* If routing to interface only,
@@ -278,7 +282,7 @@
else
isbroadcast = in_broadcast(dst->sin_addr, ifp);
}
- if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
+ if (IN_MULTICAST(ntohl(pkt_dst.s_addr))) {
struct in_multi *inm;
m->m_flags |= M_MCAST;
@@ -318,7 +322,7 @@
ip->ip_src = IA_SIN(ia)->sin_addr;
}
- IN_LOOKUP_MULTI(ip->ip_dst, ifp, inm);
+ IN_LOOKUP_MULTI(pkt_dst, ifp, inm);
if (inm != NULL &&
(imo == NULL || imo->imo_multicast_loop)) {
/*
@@ -582,8 +586,9 @@
/*
* Check with the firewall...
+ * but not if we are already being fwd'd from a firewall.
*/
- if (fw_enable && IPFW_LOADED) {
+ if (fw_enable && IPFW_LOADED && !ip_fw_fwd_addr) {
struct sockaddr_in *old = dst;
off = ip_fw_chk_ptr(&ip,
@@ -774,6 +779,7 @@
goto done;
}
+ ip_fw_fwd_addr = NULL;
pass:
m->m_pkthdr.csum_flags |= CSUM_IP;
sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_hwassist;
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/ | [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
