When a packet has been reinjected into ipfw(4) after dummynet(4) processing

we have a non-NULL args.rule. If the same packet later is subject to "tee" rule, its original is sent again into ipfw_chk() and it reenters at the same rule. This leads to infinite loop and frozen router. Assign args.rule to NULL, any time we are going to send packet back to ipfw_chk() after a tee rule. This is a temporary workaround, which we will leave for RELENG_5. In HEAD we are going to make divert(4) save next rule the same way as dummynet(4) does. PR: kern/79546 Submitted by: Oleg Bulyzhin Reviewed by: maxim, andre MFC after: 3 days
svn path=/head/; revision=144712
2024-10-19 02:29:40 +00:00 · 2005-04-06 14:00:33 +00:00 · 2005-04-06 14:00:33 +00:00 · 8351d04f34 · 2020-12-20 02:59:44 +00:00
commit 8351d04f34
parent bc1eb018c1
1 changed files with 6 additions and 2 deletions
--- a/sys/netinet/ip_fw_pfil.c
+++ b/sys/netinet/ip_fw_pfil.c
@ -168,8 +168,10 @@ ipfw_check_in(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
 		if (divert) {
 			*m0 = NULL;
 			return 0;	/* packet consumed */
-		} else
+		} else {
+			args.rule = NULL;
 			goto again;	/* continue with packet */
+		}

 	case IP_FW_NGTEE:
 		if (!NG_IPFW_LOADED)
@ -291,8 +293,10 @@ ipfw_check_out(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
 		if (divert) {
 			*m0 = NULL;
 			return 0;	/* packet consumed */
-		} else
+		} else {
+			args.rule = NULL;
 			goto again;	/* continue with packet */
+		}

 	case IP_FW_NGTEE:
 		if (!NG_IPFW_LOADED)