Correct a problem where ipfw-generated packets were being returned
for ipfw processing w/o an indication the packets were generated by ipfw--and so should not be processed (this manifested itself as a LOR.) The flag bit in the mbuf that was used to mark the packets was not listed in M_COPYFLAGS so if a packet had a header prepended (as done by IPsec) the flag was lost. Correct this by defining a new M_PROTO6 flag and use it to mark packets that need this processing. Reviewed by: bms Approved by: re (rwatson) MFC after: 2 weeks
This commit is contained in:
Sam Leffler
parent
289b28bd99
commit
6714d7c751
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=122971
@ -82,12 +82,16 @@
|
||||
#include <machine/in_cksum.h> /* XXX for in_cksum */
|
||||
|
||||
/*
|
||||
* XXX This one should go in sys/mbuf.h. It is used to avoid that
|
||||
* a firewall-generated packet loops forever through the firewall.
|
||||
* This is used to avoid that a firewall-generated packet
|
||||
* loops forever through the firewall. Note that it must
|
||||
* be a flag that is unused by other protocols that might
|
||||
* be called from ip_output (e.g. IPsec) and it must be
|
||||
* listed in M_COPYFLAGS in mbuf.h so that if the mbuf chain
|
||||
* is altered on the way through ip_output it is not lost.
|
||||
* It might be better to add an m_tag since the this happens
|
||||
* infrequently.
|
||||
*/
|
||||
#ifndef M_SKIP_FIREWALL
|
||||
#define M_SKIP_FIREWALL 0x4000
|
||||
#endif
|
||||
#define M_SKIP_FIREWALL M_PROTO6
|
||||
|
||||
/*
|
||||
* set_disable contains one bit per set value (0..31).
|
||||
|
||||
@ -153,6 +153,7 @@ struct mbuf {
|
||||
#define M_PROTO3 0x0040 /* protocol-specific */
|
||||
#define M_PROTO4 0x0080 /* protocol-specific */
|
||||
#define M_PROTO5 0x0100 /* protocol-specific */
|
||||
#define M_PROTO6 0x4000 /* protocol-specific (avoid M_BCAST conflict) */
|
||||
#define M_FREELIST 0x8000 /* mbuf is on the free list */
|
||||
|
||||
/*
|
||||
@ -178,8 +179,8 @@ struct mbuf {
|
||||
* Flags copied when copying m_pkthdr.
|
||||
*/
|
||||
#define M_COPYFLAGS (M_PKTHDR|M_EOR|M_RDONLY|M_PROTO1|M_PROTO1|M_PROTO2|\
|
||||
M_PROTO3|M_PROTO4|M_PROTO5|M_BCAST|M_MCAST|\
|
||||
M_FRAG|M_FIRSTFRAG|M_LASTFRAG)
|
||||
M_PROTO3|M_PROTO4|M_PROTO5|M_PROTO6|\
|
||||
M_BCAST|M_MCAST|M_FRAG|M_FIRSTFRAG|M_LASTFRAG)
|
||||
|
||||
/*
|
||||
* Flags indicating hw checksum support and sw checksum requirements.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user