Re: IPFW2 layer2 filtering broken - PATCH
:Hello,
:
:I've been experiencing a problem in that all incoming packets are being
:dropped when IPFW2 and sysctl net.link.ether.ipfw=1 are enabled. I've
:traced the problem to /usr/src/sys/net/if_ethersubr.c and think I've
:solved the problem (8Gb of file copying over wi0 without issues). Could
:somebody who understands this better than me take a look?
:
:I narrowed the problem to the following section and compared it to the
:FreeBSD 4-STABLE sources.
:
:
:
:diff -ruN if_ethersubr.c if_ethersubr.c.new
:--- if_ethersubr.c 2005-01-06 09:14:13.000000000 +0000
:+++ if_ethersubr.c.new 2005-01-23 21:52:33.000000000 +0000
:@@ -677,10 +677,10 @@
: post_stats:
: if (IPFW_LOADED && ether_ipfw != 0) {
: if (!ether_ipfw_chk(&m, NULL, &rule, eh, FALSE)) {
:- m_freem(m);
:+ if (m != NULL)
:+ m_freem(m);
: return;
: }
:- eh = mtod(m, struct ether_header *);
: }
:
: ether_type = ntohs(eh->ether_type);
:
:
:
:There is also another section that calls ether_ipfw_chk() where there is
:a second "eh = mtod(m, struct ether_header *);" (Line 405) not present
:in the FreeBSD code. Removing it seems to have no effect.
:
:Regards
:
:G.Allan
Well, our m_freem() allows m to be NULL so the NULL check is not
necessary.
From my read of the code, the 'eh = mtod(...)' is necessary, but
most of the time the returned 'm' will be the same as the passed 'm'
so I am not surprised that you did not see any difference.
Your email wasn't quite clear on the point... what change did you make
which seemed to fix the problem for you? It couldn't be the m_freem()
change and you seem to indicate that it wasn't the 'eh = mtod...'
change either.
-Matt
Matthew Dillon
<dillon@backplane.com>
討論串 (同標題文章)
完整討論串 (本文為第 2 之 8 篇):