Re: IPFW2 layer2 filtering broken - PATCH

看板DFBSD_bugs作者時間21年前 (2005/01/26 02:03), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串5/8 (看更多)
> Matthew Dillon wrote: > > Well, our m_freem() allows m to be NULL so the NULL check is not > necessary. > > From my read of the code, the 'eh = mtod(...)' is necessary, but > most of the time the returned 'm' will be the same as the passed 'm' > so I am not surprised that you did not seeh = mtod(m, struct ether_header *);e any difference. > > Your email wasn't quite clear on the point... what change did you make > which seemed to fix the problem for you? It couldn't be the m_freem() > change and you seem to indicate that it wasn't the 'eh = mtod...' > change either. > > -Matt > Matthew Dillon > <dillon@backplane.com> Apologies, The change was the removal of the "eh = mtod(m, struct ether_header *);" line. When present all incoming packets are dropped with sysctl net.link.ether.ipfw=1 and ipfw2 loaded. I don't know if removing the line is the correct solution as I don't understand the code well enough but everything appears to be working after the change. Amended diff: diff -ruN if_ethersubr.c if_ethersubr.c.new --- if_ethersubr.c 2005-01-24 18:24:07.000000000 +0000 +++ if_ethersubr.c.new 2005-01-24 18:48:56.000000000 +0000 @@ -680,7 +680,6 @@ m_freem(m); return; } - eh = mtod(m, struct ether_header *); } ether_type = ntohs(eh->ether_type); I narrowed the symptoms down to the second location where ether_ipfw_chk() is invoked and compared the source to FreeBSD RELENG_4. Also ether_ipfw_chk is called from another location within if_ethersubr.c. Here there is a second mtod() call not present in the FreeBSD code. (I don't know if thats a problem or not.) * $DragonFly: src/sys/net/if_ethersubr.c,v 1.25 2005/01/06 09:14:13 hsu Exp $ */ .... if (IPFW_LOADED && ether_ipfw != 0) { struct ether_header save_eh, *eh; eh = mtod(m, struct ether_header *); save_eh = *eh; m_adj(m, ETHER_HDR_LEN); if (!ether_ipfw_chk(&m, ifp, &rule, eh, FALSE)) { if (m != NULL) { m_freem(m); return ENOBUFS; /* pkt dropped */ } else return 0; /* consumed e.g. in a pipe */ } eh = mtod(m, struct ether_header *); /* packet was ok, restore the ethernet header */ if ((void *)(eh + 1) == (void *)m->m_data) { m->m_data -= ETHER_HDR_LEN ; m->m_len += ETHER_HDR_LEN ; m->m_pkthdr.len += ETHER_HDR_LEN ; } else { Regards G.Allan
更多 dragonfly. 的文章
文章代碼(AID): #11zedg00 (DFBSD_bugs)
討論串 (同標題文章)
完整討論串 (本文為第 5 之 8 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共8篇)
更多 dragonfly. 的文章
文章代碼(AID): #11zedg00 (DFBSD_bugs)