kern/73129: IPFW misbehaviour in RELENG_5

Vladimir Ivanov wawa at yandex-team.ru
Mon Oct 25 09:30:32 PDT 2004


>Number:         73129
>Category:       kern
>Synopsis:       IPFW misbehaviour in RELENG_5
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 25 16:30:31 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Vladimir Ivanov
>Release:        FreeBSD 5.3-STABLE i386
>Organization:
Yandex LLC
>Environment:
System: FreeBSD wawa.yandex.ru 5.3-STABLE FreeBSD 5.3-STABLE #0: Mon Oct 25 19:21:30 MSD 2004 wawa at wawa.yandex.ru:/usr/src/sys/i386/compile/WAWA i386


	
>Description:
	IPFW does not forward packets which have a dst-addr on a directly connected network.
	
>How-To-Repeat:
	There are three interfaces on the router:

vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 213.180.192.168 netmask 0xfffffff0 broadcast 213.180.192.175
        ether 00:30:48:29:e9:62
        media: Ethernet 1000baseTX (1000baseTX <full-duplex>)
        status: active
        vlan: 3 parent interface: em0
vlan159: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 213.180.200.254 netmask 0xffffff00 broadcast 213.180.200.255
        ether 00:30:48:29:e9:62
        media: Ethernet 1000baseTX (1000baseTX <full-duplex>)
        status: active
        vlan: 159 parent interface: em0
vlan169: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 213.180.218.254 netmask 0xffffff00 broadcast 213.180.218.255
        ether 00:30:48:29:e9:62
        media: Ethernet 1000baseTX (1000baseTX <full-duplex>)
        status: active
        vlan: 169 parent interface: em0

Firewall:
	fwd 213.180.192.162 tcp from 213.180.200.32/28 to 213.180.218.0/24 in via vlan159
	allow ip from any to any

The very first firewall command does not forward packets at all, though it increments counters.
I've found a strange piece of code in the module ip_route.c. The problem may be fixed by removing a couple of lines.
I'm not sure whether it is a valid solution, because the code is pretty complicated. The author's comments are desirable :-)
	
>Fix:


--- ip_output.c.orig    Sun Oct  3 21:04:40 2004
+++ ip_output.c Mon Oct 25 20:01:59 2004
@@ -706,16 +706,11 @@
        /* Or forward to some other address? */
        fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
        if (fwd_tag) {
-               if (!in_localip(ip->ip_src) && !in_localaddr(ip->ip_dst)) {
-                       dst = (struct sockaddr_in *)&ro->ro_dst;
-                       bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
-                       m->m_flags |= M_SKIP_FIREWALL;
-                       m_tag_delete(m, fwd_tag);
-                       goto again;
-               } else {
-                       m_tag_delete(m, fwd_tag);
-                       /* Continue. */
-               }
+               dst = (struct sockaddr_in *)&ro->ro_dst;
+               bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
+               m->m_flags |= M_SKIP_FIREWALL;
+               m_tag_delete(m, fwd_tag);
+               goto again;
        }
 #endif
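Review bot: the replacement drops both halves of the guard, but the symptom in the report (a fwd rule ignored when the destination is on a directly connected network) comes only from the `!in_localaddr(ip->ip_dst)` test; the `!in_localip(ip->ip_src)` test is a separate safeguard that keeps packets whose source is one of the host's own addresses from being re-routed by an output-side fwd rule, and it is worth keeping. Consider dropping only the in_localaddr() condition, e.g. `if (!in_localip(ip->ip_src)) {` with the existing `else { m_tag_delete(m, fwd_tag); }` branch left in place, and add a comment above the block saying why fwd is now honoured for directly connected destinations, since the old condition was deliberate enough to deserve one. The Description also names ip_route.c while the diff is against ip_output.c; the PR text should name the file actually patched.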



>Release-Note:
>Audit-Trail:
>Unformatted:
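To make the mechanism behind the report concrete, the following is an added example that models the guard quoted in the patch; it is not code from the PR or from FreeBSD. The three interfaces are the ones in the ifconfig output above; the source address 213.180.200.40 (inside the rule's 213.180.200.32/28) and the remote address 198.51.100.7 are constructed test inputs, and the functions model_in_localip(), model_in_localaddr() and the three fwd_honoured_*() variants are simplified models, not the kernel's own functions. The third variant, which keeps only the source check, is an assumption of this example and not part of the submitted patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build a host-order IPv4 address from four octets. */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* One entry per configured interface, address and netmask in host byte order.
 * Constructed from the three vlan interfaces listed in the PR's ifconfig output. */
struct iface {
    const char *name;
    uint32_t addr;
    uint32_t mask;
};

static const struct iface ifaces[] = {
    { "vlan3",   IP4(213, 180, 192, 168), 0xfffffff0u },
    { "vlan159", IP4(213, 180, 200, 254), 0xffffff00u },
    { "vlan169", IP4(213, 180, 218, 254), 0xffffff00u },
};
#define NIFACES (sizeof(ifaces) / sizeof(ifaces[0]))

/* Parse a dotted quad into a host-order uint32_t; returns 0 on malformed input. */
uint32_t ip4(const char *s)
{
    unsigned a, b, c, d;
    if (sscanf(s, "%u.%u.%u.%u", &a, &b, &c, &d) != 4 ||
        a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    return IP4(a, b, c, d);
}

/* Model of in_localip(): is the address one of this host's own interface addresses? */
int model_in_localip(uint32_t a)
{
    for (size_t i = 0; i < NIFACES; i++)
        if (ifaces[i].addr == a)
            return 1;
    return 0;
}

/* Model of in_localaddr(): does the address fall inside a directly connected subnet? */
int model_in_localaddr(uint32_t a)
{
    for (size_t i = 0; i < NIFACES; i++)
        if ((a & ifaces[i].mask) == (ifaces[i].addr & ifaces[i].mask))
            return 1;
    return 0;
}

/* Guard as quoted from the 5.3 ip_output.c in the PR: the fwd tag is honoured only
 * when the source is not a local address AND the destination is not on a connected net.
 * Returns 1 if the packet is sent to the fwd target, 0 if the tag is discarded. */
int fwd_honoured_5_3(uint32_t src, uint32_t dst)
{
    return !model_in_localip(src) && !model_in_localaddr(dst);
}

/* Behaviour after the PR's patch: the guard is removed, the tag is always honoured. */
int fwd_honoured_patched(uint32_t src, uint32_t dst)
{
    (void)src; (void)dst;
    return 1;
}

/* Narrower alternative (this example's assumption, not the PR's patch): keep only the
 * source check so locally generated packets are still not redirected on output. */
int fwd_honoured_srccheck_only(uint32_t src, uint32_t dst)
{
    (void)dst;
    return !model_in_localip(src);
}

int main(void)
{
    /* Row 1 is the flow matched by the PR's fwd rule; rows 2 and 3 are constructed. */
    const char *flows[][2] = {
        { "213.180.200.40",  "213.180.218.10" },  /* transit, dst on connected vlan169 */
        { "213.180.200.40",  "198.51.100.7"   },  /* transit, dst not connected */
        { "213.180.192.168", "198.51.100.7"   },  /* locally sourced (vlan3's address) */
    };
    printf("%-16s %-16s %-6s %-8s %-8s\n", "src", "dst", "5.3", "patched", "srconly");
    for (size_t i = 0; i < sizeof(flows) / sizeof(flows[0]); i++) {
        uint32_t s = ip4(flows[i][0]), d = ip4(flows[i][1]);
        printf("%-16s %-16s %-6d %-8d %-8d\n", flows[i][0], flows[i][1],
               fwd_honoured_5_3(s, d), fwd_honoured_patched(s, d),
               fwd_honoured_srccheck_only(s, d));
    }
    return 0;
}
```

The first row reproduces the report: the destination lies inside vlan169's 213.180.218.0/24, so model_in_localaddr() is true and the 5.3 guard discards the tag even though the rule matched and counted the packet. The third row shows what the unconditional version of the patch gives up: a packet whose source is the router's own vlan3 address is now redirected too, which the source-only variant still refuses.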

