svn commit: r206055 - stable/8/sys/net
Qing Li
qingli at FreeBSD.org
Thu Apr 1 20:23:43 UTC 2010
Author: qingli
Date: Thu Apr 1 20:23:43 2010
New Revision: 206055
URL: http://svn.freebsd.org/changeset/base/206055
Log:
MFC 205077
The flow-table module retrieves the destination and source
address as well as the transport protocol port information
from the outbound packets. The routing code is generic and
compares every byte in the given sockaddr object. Therefore
the temporary sockaddr objects must be cleared first, because
their padding bytes are compared too. In addition, the port
information must be stripped
or the route search will either fail or return the incorrect
route entry.
Unit testing is done using OpenVPN over the if_tun interface.
Modified:
stable/8/sys/net/flowtable.c
Directory Properties:
stable/8/sys/ (props changed)
stable/8/sys/amd64/include/xen/ (props changed)
stable/8/sys/cddl/contrib/opensolaris/ (props changed)
stable/8/sys/contrib/dev/acpica/ (props changed)
stable/8/sys/contrib/pf/ (props changed)
stable/8/sys/dev/xen/xenpci/ (props changed)
stable/8/sys/net/ (props changed)
Modified: stable/8/sys/net/flowtable.c
==============================================================================
--- stable/8/sys/net/flowtable.c Thu Apr 1 19:05:43 2010 (r206054)
+++ stable/8/sys/net/flowtable.c Thu Apr 1 20:23:43 2010 (r206055)
@@ -598,6 +598,8 @@ flowtable_lookup_mbuf4(struct flowtable
dsin = (struct sockaddr_in *)&dsa;
ssin = (struct sockaddr_in *)&ssa;
+ bzero(dsin, sizeof(*dsin));
+ bzero(ssin, sizeof(*ssin));
flags = ft->ft_flags;
if (ipv4_mbuf_demarshal(ft, m, ssin, dsin, &flags) != 0)
return (NULL);
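Review bot: The two added `bzero` calls have no comment, so the reason for them is recorded only in the commit log and a later cleanup could drop them as redundant initialisation. I would put `/* Route lookup compares every byte of the sockaddr; clear padding before demarshalling. */` above them. The same applies to the `bzero(dsin6, ...)` / `bzero(ssin6, ...)` pair added in flowtable_lookup_mbuf6. Both functions begin and end outside their hunks, so whether `dsa` and `ssa` are initialised anywhere else is not visible here.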
@@ -801,6 +803,8 @@ flowtable_lookup_mbuf6(struct flowtable
dsin6 = (struct sockaddr_in6 *)&dsa;
ssin6 = (struct sockaddr_in6 *)&ssa;
+ bzero(dsin6, sizeof(*dsin6));
+ bzero(ssin6, sizeof(*ssin6));
flags = ft->ft_flags;
if (ipv6_mbuf_demarshal(ft, m, ssin6, dsin6, &flags) != 0)
@@ -1130,6 +1134,14 @@ flowtable_lookup(struct flowtable *ft, s
ro = &sro;
memcpy(&ro->ro_dst, dsa, sizeof(struct sockaddr_in));
+ /*
+ * The harvested source and destination addresses
+ * may contain port information if the packet is
+ * from a transport protocol (e.g. TCP/UDP). The
+ * port field must be cleared before performing
+ * a route lookup.
+ */
+ ((struct sockaddr_in *)&ro->ro_dst)->sin_port = 0;
dsin = (struct sockaddr_in *)dsa;
ssin = (struct sockaddr_in *)ssa;
if ((dsin->sin_addr.s_addr == ssin->sin_addr.s_addr) ||
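Review bot: Only `sin_port` is cleared on the copy in `ro->ro_dst`, so the `sin_zero` padding still holds whatever the caller left in `dsa`. The mbuf paths now zero their temporaries, but any other caller of flowtable_lookup (none are visible in this diff) would have to do the same for the byte-wise route match to be deterministic. Making the key self-contained here would remove that dependency: `struct sockaddr_in *rdst = (struct sockaddr_in *)&ro->ro_dst;` followed by `rdst->sin_port = 0;` and `bzero(rdst->sin_zero, sizeof(rdst->sin_zero));`. The function body continues outside the hunk.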
@@ -1147,6 +1159,7 @@ flowtable_lookup(struct flowtable *ft, s
ro = (struct route *)&sro6;
memcpy(&sro6.ro_dst, dsa,
sizeof(struct sockaddr_in6));
+ ((struct sockaddr_in6 *)&ro->ro_dst)->sin6_port = 0;
dsin6 = (struct sockaddr_in6 *)dsa;
ssin6 = (struct sockaddr_in6 *)ssa;
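Review bot: In the IPv6 branch only `sin6_port` is cleared, but `sin6_flowinfo` is copied from `dsa` by the `memcpy` as well and would also take part in a byte-wise route comparison. If ipv6_mbuf_demarshal or another caller ever fills it in (not visible here), the lookup could miss in the same way the port did; consider also `sro6.ro_dst.sin6_flowinfo = 0;`, and decide explicitly whether `sin6_scope_id` should be kept. The new line could also be written as `sro6.ro_dst.sin6_port = 0;`, matching the `memcpy` above it and avoiding the cast through `ro`, assuming `sro6.ro_dst` is a `struct sockaddr_in6` as that `memcpy` suggests. Unlike the IPv4 branch, this line has no comment; a short `/* strip port before route lookup, as for IPv4 */` would help.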