diff options
author | iedowse <iedowse@FreeBSD.org> | 2002-12-27 17:43:25 +0000 |
---|---|---|
committer | iedowse <iedowse@FreeBSD.org> | 2002-12-27 17:43:25 +0000 |
commit | f5462007056ca440dfe2c11ce75452bcdab12f57 (patch) | |
tree | 72e2f9fa523fd23d9944eaa63a3d75799d4d3c99 /sys/netinet/ip_fw.c | |
parent | f6258ba488075f7a4561dbca1e316dd438a7af5c (diff) | |
download | FreeBSD-src-f5462007056ca440dfe2c11ce75452bcdab12f57.zip FreeBSD-src-f5462007056ca440dfe2c11ce75452bcdab12f57.tar.gz |
Bridged packets are supplied to the firewall with their IP header
in network byte order, but icmp_error() expects the IP header to
be in host order and the code here did not perform the necessary
swapping for the bridged case. This bug causes an "icmp_error: bad
length" panic when certain length IP packets (e.g. ip_len == 0x100)
are rejected by the firewall with an ICMP response.
MFC after: 3 days
Diffstat (limited to 'sys/netinet/ip_fw.c')
-rw-r--r-- | sys/netinet/ip_fw.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index 8a41f99..26f4a04 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -1236,7 +1236,6 @@ again: /* Check if rule only valid for bridged packets */ if ((f->fw_flg & IP_FW_BRIDGED) != 0 && !(BRIDGED)) continue; -#undef BRIDGED if (oif) { /* Check direction outbound */ @@ -1628,6 +1627,11 @@ got_match: && (proto != IPPROTO_ICMP || is_icmp_query(ip)) && !((*m)->m_flags & (M_BCAST|M_MCAST)) && !IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { + /* Must convert to host order for icmp_error() etc. */ + if (BRIDGED) { + ip->ip_len = ntohs(ip->ip_len); + ip->ip_off = ntohs(ip->ip_off); + } switch (f->fw_reject_code) { case IP_FW_REJECT_RST: { @@ -1670,6 +1674,7 @@ dropit: * Finally, drop the packet. */ return(IP_FW_PORT_DENY_FLAG); +#undef BRIDGED } /* |