Route re-calculation in ip_output()
Julian Elischer
julian at elischer.org
Fri Oct 9 15:58:27 UTC 2009
Jacques Fourie wrote:
> Hi,
>
> I've noticed what I believe to be a bug in ip_output(). The piece of
> code in question is when the firewall changes the destination address
> of an outgoing packet and the subsequent re-calculation of the route.
> The issue should be clear from the attached diff - basically what
> happens is that for the second route lookup dst can point to
> ro->ro_rt->rt_gateway instead of &ro->ro_dst. It seems as if this
> issue is present on 7,8 and 9?
Is this a problem?
generally, the aim of a fwd firewall rule is to set the next hop
(gateway). so this may be what is required..
>
> --- ip_output.c 2009-10-09 10:37:40.537408240 +0200
> +++ /home/jacques/ip_output.c 2009-10-09 10:43:46.232819440 +0200
> @@ -521,8 +521,10 @@
> #endif
> error = netisr_queue(NETISR_IP, m);
> goto done;
> - } else
> + } else {
> + dst = (struct sockaddr_in *)&ro->ro_dst;
> goto again; /* Redo the routing table lookup. */
> + }
>
>
> Regards,
> Jacques
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
More information about the freebsd-net
mailing list