svn commit: r206055 - stable/8/sys/net

Qing Li qingli at FreeBSD.org
Thu Apr 1 20:23:43 UTC 2010 

Author: qingli
Date: Thu Apr  1 20:23:43 2010
New Revision: 206055
URL: http://svn.freebsd.org/changeset/base/206055

Log:
  MFC	205077
  
  The flow-table module retrieves the destination and source
  address as well as the transport protocol port information
  from the outbound packets. The routing code is generic and
  compares every byte in the given sockaddr object. Therefore
  the temporary sockaddr objects must be cleared due to padding
  bytes. In addition, the port information must be stripped
  or the route search will either fail or return the incorrect
  route entry.
  
  Unit testing is done using OpenVPN over the if_tun interface.

Modified:
  stable/8/sys/net/flowtable.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/xen/xenpci/   (props changed)
  stable/8/sys/net/   (props changed)

Modified: stable/8/sys/net/flowtable.c
==============================================================================
--- stable/8/sys/net/flowtable.c	Thu Apr  1 19:05:43 2010	(r206054)
+++ stable/8/sys/net/flowtable.c	Thu Apr  1 20:23:43 2010	(r206055)
@@ -598,6 +598,8 @@ flowtable_lookup_mbuf4(struct flowtable 
 
 	dsin = (struct sockaddr_in *)&dsa;
 	ssin = (struct sockaddr_in *)&ssa;
+	bzero(dsin, sizeof(*dsin));
+	bzero(ssin, sizeof(*ssin));
 	flags = ft->ft_flags;
 	if (ipv4_mbuf_demarshal(ft, m, ssin, dsin, &flags) != 0)
 		return (NULL);
@@ -801,6 +803,8 @@ flowtable_lookup_mbuf6(struct flowtable 
 
 	dsin6 = (struct sockaddr_in6 *)&dsa;
 	ssin6 = (struct sockaddr_in6 *)&ssa;
+	bzero(dsin6, sizeof(*dsin6));
+	bzero(ssin6, sizeof(*ssin6));
 	flags = ft->ft_flags;
 	
 	if (ipv6_mbuf_demarshal(ft, m, ssin6, dsin6, &flags) != 0)
@@ -1130,6 +1134,14 @@ flowtable_lookup(struct flowtable *ft, s
 
 		ro = &sro;
 		memcpy(&ro->ro_dst, dsa, sizeof(struct sockaddr_in));
+		/*
+		 * The harvested source and destination addresses
+		 * may contain port information if the packet is 
+		 * from a transport protocol (e.g. TCP/UDP). The 
+		 * port field must be cleared before performing 
+		 * a route lookup.
+		 */
+		((struct sockaddr_in *)&ro->ro_dst)->sin_port = 0;
 		dsin = (struct sockaddr_in *)dsa;
 		ssin = (struct sockaddr_in *)ssa;
 		if ((dsin->sin_addr.s_addr == ssin->sin_addr.s_addr) ||
@@ -1147,6 +1159,7 @@ flowtable_lookup(struct flowtable *ft, s
 		ro = (struct route *)&sro6;
 		memcpy(&sro6.ro_dst, dsa,
 		    sizeof(struct sockaddr_in6));
+		((struct sockaddr_in6 *)&ro->ro_dst)->sin6_port = 0;
 		dsin6 = (struct sockaddr_in6 *)dsa;
 		ssin6 = (struct sockaddr_in6 *)ssa;

More information about the svn-src-stable mailing list