[PATCH] resolve byte order mess in ip_input/ip_output/pfil(9)

Gleb Smirnoff glebius at FreeBSD.org
Fri Oct 5 11:47:23 UTC 2012 

  Hello,

  once the pfil(9) API was introduced in FreeBSD, our main packet filter,
the ipfw(4) worked in host byte order, that's why the pfil(9) API was
violated: the AF_INET hooks were entered with packet in host byte order.

  If you look into pfil(9) manpage you'll see that it still declares
opposite :)

  Today, pf(4) and ipfw(4) both are working with net byte order. But
pfil(9) still supplies packet to them in host byte order, contrary
to what API manual says.

  Right now, we have tons of places where byte order is swapped there
and back to resolve this mess:

  - when entering pf
  - when entering ipfw
  - when calling pfil hooks from enc(4)
  - when calling pfil hooks from if_bridge(4)
  - in ip_fastfwd.c

  Also, we've got ip_fragment() that accepts packet in host byte
order and emits new ones in net byte order.

  Moreover, when we put packets into the NETISR_IP queue, we put them
in different byte order: those that have M_FASTFWD_OURS flag are in
host byte order, while all others are in net.

  Attached patch does the following:

  - all packets in NETISR_IP queue are in net byte order
  - ip_input() is entered in net byte order and converts packet
    to host byte order right _after_ processing pfil(9) hooks
  - ip_output() is entered in host byte order and converts packet
    to net byte order right _before_ processing pfil(9) hooks
  - ip_fragment() accepts and emits packet in net byte order
  - ip_forward(), ip_mloopback() use host byte order (untouched actually)
  - ip_fastforward() no longer modifies packet at all (except ip_ttl)
  - swapping of byte order there and back removed from the following modules:
    pf(4), ipfw(4), enc(4), if_bridge(4)
  - swapping of byte order added to ipfilter(4), based on __FreeBSD_version
  - __FreeBSD_version bumped
  - manual page updated

-- 
Totus tuus, Glebius.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: net_byte_order.diff
Type: text/x-diff
Size: 16255 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20121005/f89b9c9e/net_byte_order.bin

More information about the freebsd-net mailing list