Re: IPFW2 layer2 filtering broken - PATCH
Joerg Sonnenberger wrote:
> On Mon, Jan 24, 2005 at 09:50:05AM -0800, Matthew Dillon wrote:
>
>> From my read of the code, the 'eh = mtod(...)' is necessary, but
>> most of the time the returned 'm' will be the same as the passed 'm'
>> so I am not surprised that you did not see any difference.
>
>
> The eh = mtod() is necessary, because the ether header might not actually be
> part of the passed in header. Because ether_ifpw_chk changes that by
> prepending the header, it is necessary to update the pointer in the caller.
This is an interface problem. When ether_ipfw_chk() does not modify the
mbuf, the recomputed eh pointer is incorrect because the mbuf has already
been adjusted. An ugly workaround is something like
if (IPFW_LOADED && ether_ipfw != 0) {
+ struct mbuf *n = m;
+
if (!ether_ipfw_chk(&m, NULL, &rule, eh, FALSE)) {
m_freem(m);
return;
}
- eh = mtod(m, struct ether_header *);
+ if (m != n)
+ eh = mtod(m, struct ether_header *);
}
Alternatively, we could change the 4th parameter to ether_ipfw_chk()
to &eh and update it inside ether_ipfw_chk().
討論串 (同標題文章)
完整討論串 (本文為第 4 之 8 篇):