IPFW2 layer2 filtering broken - PATCH
Gary Allan
dragonfly at gallan.plus.com
Sun Jan 23 14:25:38 PST 2005
Hello,
I've been experiencing a problem in that all incoming packets are being
dropped when IPFW2 and sysctl net.link.ether.ipfw=1 are enabled. I've
traced the problem to /usr/src/sys/net/if_ethersubr.c and think I've
solved the problem (8Gb of file copying over wi0 without issues). Could
somebody who understands this better than me take a look?
I narrowed the problem to the following section and compared it to the
FreeBSD 4-STABLE sources.
diff -ruN if_ethersubr.c if_ethersubr.c.new
--- if_ethersubr.c 2005-01-06 09:14:13.000000000 +0000
+++ if_ethersubr.c.new 2005-01-23 21:52:33.000000000 +0000
@@ -677,10 +677,10 @@
post_stats:
if (IPFW_LOADED && ether_ipfw != 0) {
if (!ether_ipfw_chk(&m, NULL, &rule, eh, FALSE)) {
- m_freem(m);
+ if (m != NULL)
+ m_freem(m);
return;
}
- eh = mtod(m, struct ether_header *);
}
ether_type = ntohs(eh->ether_type);
There is also another section that calls ether_ipfw_chk() where there is
a second "eh = mtod(m, struct ether_header *);" (Line 405) not present
in the FreeBSD code. Removing it seems to have no effect.
Regards
G.Allan
More information about the Bugs
mailing list