On Mon, May 08, 2006 at 08:27:23PM +0200, Daniel Hartmeier wrote:
> On Mon, May 08, 2006 at 11:49:30AM -0400, Adam McDougall wrote:
> 
> > Could someone possibly produce a patch to force if_bridge to 
> > recalculate the checksum on every packet so I can test that as well?
> > To me, the extra load on the firewall is less important than breaking
> > packets I am trying to pass.  
> 
> Try the patch below, the first one is against -current and the second
> against 6.0-stable. It compiles, but is otherwise untested.

Looks good to me and it looks like it's working for Adam. Did you want to
commit this, Daniel? I've made a few comments below.

> Index: if_bridge.c
> ===================================================================
> RCS file: /pub/tmp/cvs/freebsd/src/sys/net/if_bridge.c,v
> retrieving revision 1.59
> diff -u -r1.59 if_bridge.c
> --- if_bridge.c       29 Apr 2006 05:37:25 -0000      1.59
> +++ if_bridge.c       8 May 2006 18:17:40 -0000
> @@ -2590,7 +2590,7 @@
>  static int
>  bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
>  {
> -     int snap, error, i;
> +     int snap, error, i, hlen;
>       struct ether_header *eh1, eh2;
>       struct ip_fw_args args;
>       struct ip *ip;
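
Review bot: `hlen` is declared as a signed `int` on the `int snap, error, i, hlen;` line, but the second hunk compares it with `sizeof(struct ip)`, which mixes signed and unsigned operands. The value comes from `ip->ip_hl << 2` and is never negative, so declaring it as `u_int` or `size_t` would say so and avoid a sign-compare warning.
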
> @@ -2787,8 +2787,25 @@
>  
>               /* Restore ip and the fields ntohs()'d. */

  Maybe change comment to:
  /* Recalculate the ip checksum and restore byte ordering */
>               ip = mtod(*mp, struct ip *);
> +             if (ip == NULL)
> +                     goto bad;
                
  I don't think this null check is needed, *mp can't be null.

> +             hlen = ip->ip_hl << 2;
> +             if (hlen < sizeof(struct ip))
> +                     goto bad;
> +             if (hlen > (*mp)->m_len) {
> +                     if ((*mp = m_pullup(*mp, hlen)) == 0)
> +                             goto bad;
> +                     ip = mtod(*mp, struct ip *);
> +                     if (ip == NULL)
> +                             goto bad;
> +             }
>               ip->ip_len = htons(ip->ip_len);
>               ip->ip_off = htons(ip->ip_off);
> +             ip->ip_sum = 0;
> +             if (hlen == sizeof(struct ip))
> +                     ip->ip_sum = in_cksum_hdr(ip);
> +             else
> +                     ip->ip_sum = in_cksum(*mp, hlen);
>  
>               break;
>  # ifdef INET6
> 
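
Review bot: In the `m_pullup` branch, a failed `m_pullup` has already freed the chain and leaves `*mp` set to NULL before the `goto bad`, so the code at `bad` must not free or dereference `*mp` again; please confirm that label copes with a NULL `*mp`. The test also reads better against `NULL` than `0`, and the `ip == NULL` check after the second `mtod` can go, since `mtod` only casts the mbuf's data pointer and the pullup result has just been checked.
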
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
