On Mon, May 08, 2006 at 08:27:23PM +0200, Daniel Hartmeier wrote: > On Mon, May 08, 2006 at 11:49:30AM -0400, Adam McDougall wrote: > > > Could someone possibly produce a patch to force if_bridge to > > recalculate the checksum on every packet so I can test that as well? > > To me, the extra load on the firewall is less important than breaking > > packets I am trying to pass. > > Try the patch below, the first one is against -current and the second > against 6.0-stable. It compiles, but is otherwise untested.
Looks good to me and it looks like its working for Adam. Did you want to commit this Daniel?, ive made a few comments below. > Index: if_bridge.c > =================================================================== > RCS file: /pub/tmp/cvs/freebsd/src/sys/net/if_bridge.c,v > retrieving revision 1.59 > diff -u -r1.59 if_bridge.c > --- if_bridge.c 29 Apr 2006 05:37:25 -0000 1.59 > +++ if_bridge.c 8 May 2006 18:17:40 -0000 > @@ -2590,7 +2590,7 @@ > static int > bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) > { > - int snap, error, i; > + int snap, error, i, hlen; > struct ether_header *eh1, eh2; > struct ip_fw_args args; > struct ip *ip; > @@ -2787,8 +2787,25 @@ > > /* Restore ip and the fields ntohs()'d. */ Maybe change comment to: /* Recalculate the ip checksum and restore byte ordering */ > ip = mtod(*mp, struct ip *); > + if (ip == NULL) > + goto bad; I dont think this null check is needed, *mp cant be null. > + hlen = ip->ip_hl << 2; > + if (hlen < sizeof(struct ip)) > + goto bad; > + if (hlen > (*mp)->m_len) { > + if ((*mp = m_pullup(*mp, hlen)) == 0) > + goto bad; > + ip = mtod(*mp, struct ip *); > + if (ip == NULL) > + goto bad; > + } > ip->ip_len = htons(ip->ip_len); > ip->ip_off = htons(ip->ip_off); > + ip->ip_sum = 0; > + if (hlen == sizeof(struct ip)) > + ip->ip_sum = in_cksum_hdr(ip); > + else > + ip->ip_sum = in_cksum(*mp, hlen); > > break; > # ifdef INET6 > _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"