kern/99484: enabling net.inet.ip.fastforwarding breaks rfc2644
Colin Petrie
cpetrie at xcalibre.co.uk
Tue Jun 27 10:50:36 UTC 2006
The following reply was made to PR kern/99484; it has been noted by GNATS.
From: Colin Petrie <cpetrie at xcalibre.co.uk>
To: bug-followup at FreeBSD.org, cpetrie at xcalibre.co.uk
Cc:
Subject: Re: kern/99484: enabling net.inet.ip.fastforwarding breaks rfc2644
Date: Tue, 27 Jun 2006 11:46:17 +0100
Hi,
The following patch appears to resolve the problem but I thought a bit
of peer review would be nice. Anyone see any problems with this patch?
Cheers
Colin
*** ip_fastfwd.c Tue Jun 27 11:29:01 2006
--- ip_fastfwd.c.new Tue Jun 27 11:30:18 2006
*************** ip_fastforward(struct mbuf *m)
*** 162,167 ****
--- 162,168 ----
u_short sum, ip_len;
int error = 0;
int hlen, mtu;
+ int isbroadcast;
#ifdef IPFIREWALL_FORWARD
struct m_tag *fwd_tag;
#endif
*************** ip_fastforward(struct mbuf *m)
*** 275,280 ****
--- 276,282 ----
goto drop;
}
+
#ifdef ALTQ
/*
* Is packet dropped by traffic conditioner?
*************** passin:
*** 421,426 ****
--- 423,439 ----
*/
if (ro.ro_rt->rt_flags & RTF_BLACKHOLE)
goto drop;
+
+ /*
+ * Is packet a directed network broadcast packet?
+ */
+ isbroadcast = in_broadcast(dst->sin_addr, ifp);
+ if (isbroadcast) {
+ printf("ip_fastfwd: dropping directed broadcast - to %s\n",
+ inet_ntoa(dst->sin_addr));
+ ipstat.ips_badaddr++;
+ goto drop;
+ }
/*
* Step 5: outgoing firewall packet processing
More information about the freebsd-bugs
mailing list