Set M_BCAST and M_MCAST flags on mbuf sent via divert socket.

r290383 has changed how mbufs sent by divert socket are handled. Previously they are always handled by slow path processing in ip_input(). Now ip_tryforward() is invoked from ip_input() before in_broadcast() check. Since diverted packet lost all mbuf flags, it passes the broadcast check in ip_tryforward() due to missing M_BCAST flag. In the result the broadcast packet is forwarded to the wire instead of be consumed by network stack. Add in_broadcast() check to the div_output() function. And restore the M_BCAST flag if destination address is broadcast for the given network interface. PR: 209491 MFC after: 1 week
2017-05-17 09:04:09 +00:00 · 2017-05-17 09:04:09 +00:00 · 38cc96a887
commit 38cc96a887
parent 43af586011
1 changed files with 8 additions and 0 deletions
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@ -481,6 +481,14 @@ div_output(struct socket *so, struct mbuf *m, struct sockaddr_in *sin,
 		/* Send packet to input processing via netisr */
 		switch (ip->ip_v) {
 		case IPVERSION:
+			/*
+			 * Restore M_BCAST flag when destination address is
+			 * broadcast. It is expected by ip_tryforward().
+			 */
+			if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)))
+				m->m_flags |= M_MCAST;
+			else if (in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
+				m->m_flags |= M_BCAST;
 			netisr_queue_src(NETISR_IP, (uintptr_t)so, m);
 			break;
 #ifdef INET6