diff options
| author | nsayer <nsayer@FreeBSD.org> | 1999-03-30 23:45:14 +0000 |
|---|---|---|
| committer | nsayer <nsayer@FreeBSD.org> | 1999-03-30 23:45:14 +0000 |
| commit | e8d255dd8211778306edd31d1379052ab7750b67 (patch) | |
| tree | 8707a48e961db083ee3264e9d184e87305c6c6aa /sys/net | |
| parent | dd799f02088c9c7d57bcf030d7552122d34b8229 (diff) | |
| download | FreeBSD-src-e8d255dd8211778306edd31d1379052ab7750b67.zip FreeBSD-src-e8d255dd8211778306edd31d1379052ab7750b67.tar.gz | |
Merge from RELENG_2_2, per luigi. Fixes the ntoh?() issue for the
firewall code when called from the bridge code.
PR: 10818
Submitted by: nsayer
Obtained from: luigi
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/bridge.c | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/sys/net/bridge.c b/sys/net/bridge.c index c04fd09..b2dbe83 100644 --- a/sys/net/bridge.c +++ b/sys/net/bridge.c @@ -87,6 +87,9 @@ #include <net/if_types.h> #include <netinet/in.h> /* for struct arpcom */ +#include <netinet/in_systm.h> +#include <netinet/in_var.h> +#include <netinet/ip.h> #include <netinet/if_ether.h> /* for struct arpcom */ #include "opt_ipfw.h" @@ -519,13 +522,38 @@ bdg_forward (struct mbuf **m0, struct ifnet *dst) } dummy = 0 ; - off= (*ip_fw_chk_ptr)(NULL, 0, src, &dummy, &m, &rule, NULL /*next hop */ ) ; + /* + * before calling the firewall, swap fields the same as IP does. + * here we assume the pkt is an IP one and the header is contiguous + */ + eh = mtod(m, struct ether_header *); + ip = (struct ip *)(eh + 1 ) ; + NTOHS(ip->ip_len); + NTOHS(ip->ip_id); + NTOHS(ip->ip_off); + + /* + * The third parameter to the firewall code is the dst. interface. + * Since we apply checks only on input pkts we use NULL. + */ + off = (*ip_fw_chk_ptr)(NULL, 0, NULL, &dummy, &m, &rule, NULL) ; if (m == NULL) { /* pkt discarded by firewall */ - printf("-- bdg: firewall discarded pkt\n"); if (canfree) *m0 = NULL ; return 0 ; } + /* + * on return, the mbuf pointer might have changed. Restore + * *m0 (if it was the same as m), eh, ip and then + * restore original ordering. + */ + eh = mtod(m, struct ether_header *); + ip = (struct ip *)(eh + 1 ) ; + if (canfree) /* m was a reference to *m0, so update *m0 */ + *m0 = m ; + HTONS(ip->ip_len); + HTONS(ip->ip_id); + HTONS(ip->ip_off); if (off == 0) { if (canfree == 0) m_freem(m); @@ -544,7 +572,6 @@ bdg_forward (struct mbuf **m0, struct ifnet *dst) } #endif /* if none of the above matches, we have to drop the pkt */ - printf("-- bdg: fw: drop\n"); if (m) m_freem(m); if (canfree && m != *m0) { |
