author | julian <julian@FreeBSD.org> | 2001-12-28 21:21:57 +0000 |
---|---|---|
committer | julian <julian@FreeBSD.org> | 2001-12-28 21:21:57 +0000 |
commit | f6dd852457c63475e76786932dc17687b97286d7 (patch) | |
tree | 84f0d51e819c927ff3e9999211db890cd19b3aeb /sys/netinet | |
parent | 086017e65e397c72ba575d57c00a46d8c09a3a4d (diff) | |
Fix ipfw fwd so that it acts as the docs say
when forwarding an incoming packet to another machine.
Obtained from: Vicor Production tree
MFC after: 3 weeks
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_input.c | 18 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 16 |
2 files changed, 24 insertions, 10 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 51f2396..91ed845 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1579,21 +1579,29 @@ ip_forward(m, srcrt) int error, type = 0, code = 0; struct mbuf *mcopy; n_long dest; + struct in_addr pkt_dst; struct ifnet *destifp; #ifdef IPSEC struct ifnet dummyifp; #endif dest = 0; + /* + * Cache the destination address of the packet; this may be + * changed by use of 'ipfw fwd'. + */ + pkt_dst = ip_fw_fwd_addr == NULL ? + ip->ip_dst : ip_fw_fwd_addr->sin_addr; + #ifdef DIAGNOSTIC if (ipprintfs) printf("forward: src %lx dst %lx ttl %x\n", - (u_long)ip->ip_src.s_addr, (u_long)ip->ip_dst.s_addr, + (u_long)ip->ip_src.s_addr, (u_long)pkt_dst.s_addr, ip->ip_ttl); #endif - if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { + if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(pkt_dst) == 0) { ipstat.ips_cantforward++; m_freem(m); return; @@ -1610,7 +1618,7 @@ ip_forward(m, srcrt) } #endif - if (ip_rtaddr(ip->ip_dst, &ipforward_rt) == 0) { + if (ip_rtaddr(pkt_dst, &ipforward_rt) == 0) { icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 0); return; } else @@ -1652,7 +1660,7 @@ ip_forward(m, srcrt) if (rt->rt_ifp == m->m_pkthdr.rcvif && (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 && satosin(rt_key(rt))->sin_addr.s_addr != 0 && - ipsendredirects && !srcrt) { + ipsendredirects && !srcrt && !ip_fw_fwd_addr) { #define RTA(rt) ((struct in_ifaddr *)(rt->rt_ifa)) u_long src = ntohl(ip->ip_src.s_addr); @@ -1661,7 +1669,7 @@ ip_forward(m, srcrt) if (rt->rt_flags & RTF_GATEWAY) dest = satosin(rt->rt_gateway)->sin_addr.s_addr; else - dest = ip->ip_dst.s_addr; + dest = pkt_dst.s_addr; /* Router requirements says to only send host redirects */ type = ICMP_REDIRECT; code = ICMP_REDIRECT_HOST; diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index d14edbe..3e1ddb7 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c 
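Review bot: In the first ip_forward hunk, `in_canforward(pkt_dst) == 0` now validates only the 'ipfw fwd' next hop, so while a fwd rule is in effect the packet's own `ip->ip_dst` is no longer checked here, although it is still the address carried in the header that gets forwarded. Unless an earlier check on the input path already rejects such destinations (not visible in this diff), keeping both tests preserves the old guarantee: `in_canforward(ip->ip_dst) == 0 || in_canforward(pkt_dst) == 0`. The new comment also describes pkt_dst as the packet's destination, whereas with a fwd rule it holds the next-hop address; `/* Address used for route lookup: the 'ipfw fwd' next hop if set, else ip->ip_dst. */` would be more accurate. The early `m_freem(m); return;` in the same hunk leaves ip_fw_fwd_addr untouched, and whether the caller clears it cannot be seen from here. ip_forward's body begins and continues outside these hunks.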
@@ -127,6 +127,7 @@ ip_output(m0, opt, ro, flags, imo) struct sockaddr_in *dst; struct in_ifaddr *ia; int isbroadcast, sw_csum; + struct in_addr pkt_dst; #ifdef IPSEC struct socket *so = NULL; struct secpolicy *sp = NULL; @@ -194,6 +195,9 @@ ip_output(m0, opt, ro, flags, imo) hlen = len; } ip = mtod(m, struct ip *); + pkt_dst = ip_fw_fwd_addr == NULL + ? ip->ip_dst : ip_fw_fwd_addr->sin_addr; + /* * Fill in IP header. */ @@ -222,14 +226,14 @@ ip_output(m0, opt, ro, flags, imo) * and is still up. If not, free it and try again. */ if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 || - dst->sin_addr.s_addr != ip->ip_dst.s_addr)) { + dst->sin_addr.s_addr != pkt_dst.s_addr)) { RTFREE(ro->ro_rt); ro->ro_rt = (struct rtentry *)0; } if (ro->ro_rt == 0) { dst->sin_family = AF_INET; dst->sin_len = sizeof(*dst); - dst->sin_addr = ip->ip_dst; + dst->sin_addr = pkt_dst; } /* * If routing to interface only, @@ -281,7 +285,7 @@ ip_output(m0, opt, ro, flags, imo) else isbroadcast = in_broadcast(dst->sin_addr, ifp); } - if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { + if (IN_MULTICAST(ntohl(pkt_dst.s_addr))) { struct in_multi *inm; m->m_flags |= M_MCAST; @@ -321,7 +325,7 @@ ip_output(m0, opt, ro, flags, imo) ip->ip_src = IA_SIN(ia)->sin_addr; } - IN_LOOKUP_MULTI(ip->ip_dst, ifp, inm); + IN_LOOKUP_MULTI(pkt_dst, ifp, inm); if (inm != NULL && (imo == NULL || imo->imo_multicast_loop)) { /* @@ -587,8 +591,9 @@ skip_ipsec: /* * Check with the firewall... + * but not if we are already being fwd'd from a firewall. */ - if (fw_enable && IPFW_LOADED) { + if (fw_enable && IPFW_LOADED && !ip_fw_fwd_addr) { struct sockaddr_in *old = dst; off = ip_fw_chk_ptr(&ip, @@ -790,6 +795,7 @@ skip_ipsec: goto done; } + ip_fw_fwd_addr = NULL; pass: m->m_pkthdr.csum_flags |= CSUM_IP; sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_hwassist; |
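Review bot: In the `@@ -587` hunk, `if (fw_enable && IPFW_LOADED && !ip_fw_fwd_addr)` skips the whole firewall pass whenever the global is non-NULL, so no outbound rule is evaluated for a packet that an inbound fwd rule redirected. That avoids re-matching the fwd rule, but it also means deny or accounting rules on the outgoing interface silently do not apply, and it makes filtering depend on ip_fw_fwd_addr never being stale. The added comment should state the consequence, e.g. `/* Packets already redirected by an inbound 'ipfw fwd' rule are not run through the outbound ruleset. */`, and the ipfw documentation should say the same. The enclosing block continues outside the hunk.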
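Review bot: In the `@@ -790` hunk, `ip_fw_fwd_addr = NULL;` sits only on the fall-through path just above `pass:`, so any `goto pass` and any exit taken earlier in ip_output (those paths lie outside the hunks shown) would return with the global still set. A stale pointer would steer the next, unrelated packet to the old next hop through `pkt_dst` and would also make it skip the firewall check added in the `@@ -587` hunk. Consuming the global once where pkt_dst is computed would remove the dependence on exit paths, for example `fwd = ip_fw_fwd_addr; ip_fw_fwd_addr = NULL;` followed by tests on the local `fwd`; this assumes nothing between that point and `pass:` reads the global again, which should be confirmed. A short comment on who sets and who clears ip_fw_fwd_addr would help either way.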