HomeFreeBSD
Diffusion FreeBSD src repository - subversion rS310258

ip[6]_tryforward does inbound and outbound packet firewall processing.
rS310258
Actions

Description

ip[6]_tryforward does inbound and outbound packet firewall processing.
This can lead to change of mbuf pointer (packet filter could do m_pullup(),
NAT, etc). Also in case of change of destination address, tryforward can
decide that packet should be handled by local system. In this case modified
mbuf can be returned to the ip[6]_input(). To handle this correctly, check
M_FASTFWD_OURS flag after return from ip[6]_tryforward. And if it is present,
update variables that depend from mbuf pointer and skip another inbound
firewall processing.

No objection from: network
MFC after: 3 weeks
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D8764

Details

Provenance
aeAuthored on
Differential Revision
D8764: Check that tryforward didn't changed mbuf
Parents
rS310257: Improve support for informational exceptions.
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
head/
sys/
netinet/
netinet6/

rS310258

View Options

head/sys/netinet/ip_input.c

Loading...
View Options

head/sys/netinet6/ip6_input.c

Loading...