The diagnosis looks reasonable, though I do not remember changing
anything related to this between 4.6 and 4.7 so I wonder why the
error did not appear in earlier versions of the code.
icmp_error() consumes the mbuf so I believe it is ok to scramble it
but one should double check.
Note that NTOHS() seems to be deprecated in favour of the function version
of the same.
cheers
luigi
On Thu, Dec 12, 2002 at 12:54:48AM +0000, Ian Dowse wrote:
> In message <[EMAIL PROTECTED]>, Alexander Langer
> writes:
> >Yeah, same situation here. 4.6 used to work w/o problem, 4.7 doesn't.
>
> Great, thanks for the debugging info. The bug seems to be that
> icmp_error() requires that the IP header fields are in host order,
> but when it is called on a bridged packet by the IPFW code, this is
> not the case. Something like the patch below (untested) should fix
> the IPFW1 case. A similar change is needed for IPFW2.
>
> Luigi: does this look reasonable? I'm not familiar enough with the
> IPFW code to know if it is OK to modify the mbuf like this. If not
> then it needs to be copied first like ip_forward() does, making
> sure that the IP header does not end up in a shared cluster.
>
> Ian
>
> Index: ip_fw.c
> ===================================================================
> RCS file: /home/iedowse/CVS/src/sys/netinet/ip_fw.c,v
> retrieving revision 1.131.2.38
> diff -u -r1.131.2.38 ip_fw.c
> --- ip_fw.c 21 Nov 2002 01:27:30 -0000 1.131.2.38
> +++ ip_fw.c 12 Dec 2002 00:43:22 -0000
> @@ -1573,6 +1573,11 @@
> break;
> }
> default: /* Send an ICMP unreachable using code */
> + /* Must convert to host order for icmp_error(). */
> + if (BRIDGED) {
> + NTOHS(ip->ip_len);
> + NTOHS(ip->ip_off);
> + }
> icmp_error(*m, ICMP_UNREACH,
> f->fw_reject_code, 0L, 0);
> *m = NULL;
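
Review bot: the two NTOHS() calls inside the `if (BRIDGED)` block rewrite ip->ip_len and ip->ip_off in place, and nothing in the hunk establishes that the IP header of *m is private to this code path. Setting `*m = NULL` after icmp_error() only stops this caller from seeing the swapped fields; any other reference to a shared cluster would still see a header left in host order. Either state in the comment why the bridged mbuf is known to be writable here, or copy it first the way the message says ip_forward() does. Separately, the assignment form `ip->ip_len = ntohs(ip->ip_len);` (and the same for ip_off) makes the in-place write explicit and avoids the NTOHS() macro that the reply calls deprecated. The comment should also note that only the default reject case is converted, so a reader checking the other branches of this switch knows whether they depend on host-order fields.
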
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message