
D48069.id147922.diff

D48069.id147922.diff

diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -993,18 +993,9 @@
* sends a reject message, consuming the mbuf passed as an argument.
*/
static void
-send_reject(struct ip_fw_args *args, const ipfw_insn *cmd, int iplen,
+send_reject(struct ip_fw_args *args, int code, int mtu, int iplen,
struct ip *ip)
{
- int code, mtu;
-
- code = cmd->arg1;
- if (code == ICMP_UNREACH_NEEDFRAG &&
- cmd->len == F_INSN_SIZE(ipfw_insn_u16))
- mtu = ((const ipfw_insn_u16 *)cmd)->ports[0];
- else
- mtu = 0;
-
#if 0
/* XXX When ip is not guaranteed to be at mtod() we will
* need to account for this */
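Review bot: The block comment above send_reject() does not describe the new `code` and `mtu` parameters, so the contract the removed lines made explicit is now only visible at the call site. I would extend the comment to say that `code` is the ICMP unreachable code taken from the rule, and that `mtu` is meaningful only for ICMP_UNREACH_NEEDFRAG and is 0 otherwise. Since the call is now made after the rule chain lock is dropped, the comment could also state that the function is expected to run without that lock held. The body of send_reject() continues outside this hunk.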
@@ -1458,6 +1449,9 @@
int done = 0; /* flag to exit the outer loop */
IPFW_RLOCK_TRACKER;
bool mem;
+ bool need_send_reject = false;
+ uint8_t reject_code;
+ uint16_t reject_mtu;
if ((mem = (args->flags & IPFW_ARGS_LENMASK))) {
if (args->flags & IPFW_ARGS_ETHER) {
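Review bot: `uint8_t reject_code;` narrows `cmd->arg1`, which the removed code in send_reject() held in an `int`, so any rule argument above 0xff loses its upper bits. That happens before the NEEDFRAG comparison in the O_REJECT hunk and before the value is passed on to send_reject(), which still takes `int code`. If I read ip_fw.h correctly, ipfw's TCP-reset pseudo-codes (ICMP_REJECT_RST, ICMP6_UNREACH_RST) are defined above 0xff; a `reset` action would then be silently sent as an ordinary ICMP unreachable, which changes what the firewall tells the peer. Declaring it as `int reject_code;` matches the callee and restores the old behaviour; the same narrowing applies to the assignment in the O_UNREACH6 hunk. The enclosing ipfw_chk() starts and ends outside this hunk.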
@@ -3077,8 +3071,16 @@
is_icmp_query(ICMP(ulp))) &&
!(m->m_flags & (M_BCAST|M_MCAST)) &&
!IN_MULTICAST(ntohl(dst_ip.s_addr))) {
- send_reject(args, cmd, iplen, ip);
- m = args->m;
+ KASSERT(!need_send_reject,
+ ("o_reject - need_send_reject was set previously"));
+ if ((reject_code = cmd->arg1) == ICMP_UNREACH_NEEDFRAG &&
+ cmd->len == F_INSN_SIZE(ipfw_insn_u16)) {
+ reject_mtu =
+ ((ipfw_insn_u16 *)cmd)->ports[0];
+ } else {
+ reject_mtu = 0;
+ }
+ need_send_reject = true;
}
/* FALLTHROUGH */
#ifdef INET6
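Review bot: The condition `(reject_code = cmd->arg1) == ICMP_UNREACH_NEEDFRAG` assigns inside the test, so the comparison is made on the stored value rather than on `cmd->arg1`, which is easy to miss when the variable's type is narrower than the source. I would assign first, `reject_code = cmd->arg1;`, and then test `reject_code == ICMP_UNREACH_NEEDFRAG && cmd->len == F_INSN_SIZE(ipfw_insn_u16)`. The cast also dropped the qualifier the removed code had; `((const ipfw_insn_u16 *)cmd)->ports[0]` keeps the read-only intent. The surrounding `case` and its condition begin outside this hunk.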
@@ -3090,12 +3092,14 @@
!(m->m_flags & (M_BCAST|M_MCAST)) &&
!IN6_IS_ADDR_MULTICAST(
&args->f_id.dst_ip6)) {
- send_reject6(args,
- cmd->opcode == O_REJECT ?
- map_icmp_unreach(cmd->arg1):
- cmd->arg1, hlen,
- (struct ip6_hdr *)ip);
- m = args->m;
+ KASSERT(!need_send_reject,
+ ("o_unreach6 - need_send_reject was set previously"));
+ reject_code = cmd->arg1;
+ if (cmd->opcode == O_REJECT) {
+ reject_code =
+ map_icmp_unreach(reject_code);
+ }
+ need_send_reject = true;
}
/* FALLTHROUGH */
#endif
@@ -3380,6 +3384,16 @@
printf("ipfw: ouch!, skip past end of rules, denying packet\n");
}
IPFW_PF_RUNLOCK(chain);
+ if (need_send_reject) {
+#ifdef INET6
+ if (is_ipv6)
+ send_reject6(args, reject_code, hlen,
+ (struct ip6_hdr *)ip);
+ else
+#endif
+ send_reject(args, reject_code, reject_mtu,
+ iplen, ip);
+ }
#ifdef __FreeBSD__
if (ucred_cache != NULL)
crfree(ucred_cache);
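Review bot: The deferred call does not refresh the local `m`, whereas both removed call sites reloaded `m = args->m` right after send_reject()/send_reject6(), and the comment on send_reject() says it consumes the mbuf. Any later use of `m` in ipfw_chk() would therefore touch a consumed mbuf; the rest of the function is outside this hunk, so I cannot confirm there is none. Adding `m = args->m;` after the if/else, or a comment that `m` must not be used past this point, keeps the old invariant. Separately, the dispatch here is on `is_ipv6` rather than on which case set `need_send_reject`, and `reject_mtu` is assigned only in the O_REJECT branch. Declaring `uint16_t reject_mtu = 0;` would guarantee the IPv4 call never reads an indeterminate value if those two conditions ever diverge.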
