freebsd-nq/sys/netinet
Ruslan Ermilov 4078ffb154 Make sure the cached forwarding route (ipforward_rt) is still up before
using it.  Not checking this may have caused the wrong IP address to be
used when processing certain IP options (see example below).  This also
caused the wrong route to be passed to ip_output() when forwarding, but
fortunately ip_output() is smart enough to detect this.

This example demonstrates the wrong behavior of the Record Route option
observed with this bug.  Host ``freebsd'' is acting as the gateway for
the ``sysv''.

1. On the gateway, we add the route to the destination.  The new route
   will use the primary address of the loopback interface, 127.0.0.1:

:  freebsd# route add 10.0.0.66 -iface lo0 -reject
:  add host 10.0.0.66: gateway lo0

2. From the client, we ping the destination.  We see the correct replies.
   Please note that this also causes the relevant route on the ``freebsd''
   gateway to be cached in ipforward_rt variable:

:  sysv# ping -snv 10.0.0.66
:  PING 10.0.0.66: 56 data bytes
:  ICMP Host Unreachable from gateway 192.168.0.115
:  ICMP Host Unreachable from gateway 192.168.0.115
:  ICMP Host Unreachable from gateway 192.168.0.115
:
:  ----10.0.0.66 PING Statistics----
:  3 packets transmitted, 0 packets received, 100% packet loss

3. On the gateway, we delete the route to the destination, thus making
   the destination reachable through the `default' route:

:  freebsd# route delete 10.0.0.66
:  delete host 10.0.0.66

4. From the client, we ping destination again, now with the RR option
   turned on.  The surprise here is the 127.0.0.1 in the first reply.
   This is caused by the bug in ip_rtaddr() not checking the cached
   route is still up before use.  The debug code also shows that the
   wrong (down) route is further passed to ip_output().  The latter
   detects that the route is down, and replaces the bogus route with
   the valid one, so we see the correct replies (192.168.0.115) on
   further probes:

:  sysv# ping -snRv 10.0.0.66
:  PING 10.0.0.66: 56 data bytes
:  64 bytes from 10.0.0.66: icmp_seq=0. time=10. ms
:    IP options:  <record route> 127.0.0.1, 10.0.0.65, 10.0.0.66,
:                                192.168.0.65, 192.168.0.115, 192.168.0.120,
:                                0.0.0.0(Current), 0.0.0.0, 0.0.0.0
:  64 bytes from 10.0.0.66: icmp_seq=1. time=0. ms
:    IP options:  <record route> 192.168.0.115, 10.0.0.65, 10.0.0.66,
:                                192.168.0.65, 192.168.0.115, 192.168.0.120,
:                                0.0.0.0(Current), 0.0.0.0, 0.0.0.0
:  64 bytes from 10.0.0.66: icmp_seq=2. time=0. ms
:    IP options:  <record route> 192.168.0.115, 10.0.0.65, 10.0.0.66,
:                                192.168.0.65, 192.168.0.115, 192.168.0.120,
:                                0.0.0.0(Current), 0.0.0.0, 0.0.0.0
:
:  ----10.0.0.66 PING Statistics----
:  3 packets transmitted, 3 packets received, 0% packet loss
:  round-trip (ms)  min/avg/max = 0/3/10
2001-03-18 13:04:07 +00:00
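
A simplified user-space model of the stale-cache behaviour the commit message above describes, replaying its steps 1 to 4 with and without the "is the cached route still up" check. This is an added illustration, not the FreeBSD source or the committed fix: the struct, the function names and the `check_up` switch are assumptions, and only `ipforward_rt`, `RTF_UP` and the addresses come from the page or from `<net/route.h>`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define RTF_UP 0x1  /* "route usable" flag, name as in <net/route.h> */
#define IP4(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Hypothetical stand-in for a kernel route entry and its interface address. */
struct route_entry { uint32_t ifaddr; int flags; };

static struct route_entry default_rt = { IP4(192,168,0,115), RTF_UP };
static struct route_entry host_rt    = { IP4(127,0,0,1), 0 };  /* via lo0 */
static const uint32_t host_dst = IP4(10,0,0,66);
static struct route_entry *cached_rt;  /* models ipforward_rt */
static uint32_t cached_dst;

/* Models the routing-table lookup: host route if it is up, else default. */
static struct route_entry *lookup(uint32_t dst) {
    if (dst == host_dst && (host_rt.flags & RTF_UP))
        return &host_rt;
    return &default_rt;
}

/* Address to record for dst; check_up == 0 reproduces the described bug. */
uint32_t rtaddr(uint32_t dst, int check_up) {
    if (cached_rt == NULL || cached_dst != dst ||
        (check_up && !(cached_rt->flags & RTF_UP))) {
        cached_rt = lookup(dst);
        cached_dst = dst;
    }
    return cached_rt->ifaddr;
}

/* Deleting clears RTF_UP, but the cache still holds the entry. */
void route_add(void)    { host_rt.flags |= RTF_UP; }
void route_delete(void) { host_rt.flags &= ~RTF_UP; }

/* Replays steps 1-4 and returns the address recorded after the delete. */
uint32_t replay(int check_up) {
    cached_rt = NULL;
    route_add();                        /* step 1 */
    rtaddr(host_dst, check_up);         /* step 2: lo0 route gets cached */
    route_delete();                     /* step 3 */
    return rtaddr(host_dst, check_up);  /* step 4 */
}

int main(void) {
    printf("unchecked: %08x\n", (unsigned)replay(0));
    printf("checked:   %08x\n", (unsigned)replay(1));
    return 0;
}
```
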
..
libalias Add a few ``const''s to silence some -Wwrite-strings warnings 2001-01-29 11:44:13 +00:00
accf_data.c Remove headers not needed. 2000-10-07 23:15:17 +00:00
accf_http.c Fix incorrect logic wouldn't disconnect incoming connections that had been 2001-01-03 19:50:23 +00:00
fil.c fix conflicts 2001-02-04 14:26:56 +00:00
icmp6.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
icmp_var.h Clean up RST ratelimiting. Previously, ratelimiting occurred before tests 2001-02-11 07:39:51 +00:00
if_atm.c
if_atm.h
if_ether.c Sync with the bridge/dummynet/ipfw code already tested in stable. 2001-02-10 00:10:18 +00:00
if_ether.h
if_fddi.h
igmp_var.h
igmp.c
igmp.h
in_cksum.c
in_gif.c Another round of the <sys/queue.h> FOREACH transmogriffer. 2001-02-04 16:08:18 +00:00
in_gif.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
in_hostcache.c Convert more malloc+bzero to malloc+M_ZERO. 2000-12-08 21:51:06 +00:00
in_hostcache.h
in_pcb.c Fix a style(9) nit. 2001-03-16 19:36:23 +00:00
in_pcb.h Remove in_pcbnotify and use in_pcblookup_hash to find the cb directly. 2001-02-26 21:19:47 +00:00
in_proto.c Make netstat(1) to be aware of divert(4) sockets. 2000-08-03 14:09:52 +00:00
in_rmx.c net/route.c: 2001-03-15 14:52:12 +00:00
in_systm.h
in_var.h Convert if_multiaddrs from LIST to TAILQ so that it can be traversed 2001-02-06 10:12:15 +00:00
in.c <sys/queue.h> makeover. 2001-03-16 20:00:53 +00:00
in.h o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
ip6.h remove m_pulldown statistics, which is highly experimental and does not 2000-07-12 16:39:13 +00:00
ip_auth.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_auth.h fix conflicts from rcsids 2000-10-26 12:33:42 +00:00
ip_compat.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_divert.c Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
ip_dummynet.c Sync with the bridge/dummynet/ipfw code already tested in stable. 2001-02-10 00:10:18 +00:00
ip_dummynet.h MFS: bridge/ipfw/dummynet fixes (bridge.c will be committed separately) 2001-02-02 00:18:00 +00:00
ip_ecn.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip_ecn.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip_encap.c Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
ip_encap.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip_fil.c While I'm here, get rid of (now useless) MCLISREFERENCED and use MEXT_IS_REF 2000-11-11 23:05:59 +00:00
ip_fil.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_flow.c
ip_flow.h
ip_frag.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_frag.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_ftp_pxy.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_fw.c The TCP sequence number used for sending a RST with the ipfw reset rule 2001-03-09 08:13:08 +00:00
ip_fw.h Introduce a new feature in IPFW: Check of the source or destination 2001-02-13 14:12:37 +00:00
ip_icmp.c Make it possible to use IP_TTL and IP_TOS setsockopt(2) options 2001-03-09 12:22:51 +00:00
ip_icmp.h
ip_input.c Make sure the cached forwarding route (ipforward_rt) is still up before 2001-03-18 13:04:07 +00:00
ip_log.c resolve conflicts 2000-08-13 04:31:06 +00:00
ip_mroute.c Fix typo: seperate -> separate. 2001-02-06 11:21:58 +00:00
ip_mroute.h
ip_nat.c fix duplicate rcsid 2001-02-04 15:25:15 +00:00
ip_nat.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_output.c RFC768 (UDP) requires that "if the computed checksum is zero, it 2001-03-13 17:07:06 +00:00
ip_proxy.c
ip_proxy.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_raudio_pxy.c Fix conflicts created by import. 2000-10-29 07:53:05 +00:00
ip_rcmd_pxy.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_state.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_state.h fix conflicts from rcsids 2000-10-26 12:33:42 +00:00
ip_var.h <sys/queue.h> makeover. 2001-03-16 20:00:53 +00:00
ip.h
ipl.h fix conflicts 2001-02-04 14:26:56 +00:00
ipprotosw.h activate pfil_hooks and convert ipfilter to use it 2000-07-31 13:11:42 +00:00
mlfk_ipl.c fix conflicts 2001-02-04 14:26:56 +00:00
raw_ip.c <sys/queue.h> makeover. 2001-03-16 20:00:53 +00:00
tcp_debug.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
tcp_debug.h
tcp_fsm.h
tcp_input.c Do not delay a new ack if there already is a delayed ack pending on the 2001-02-25 15:17:24 +00:00
tcp_output.c Convert all users of fldoff() to offsetof(). fldoff() is bad 2000-10-27 11:45:49 +00:00
tcp_reass.c Do not delay a new ack if there already is a delayed ack pending on the 2001-02-25 15:17:24 +00:00
tcp_seq.h Use stronger random number generation for TCP_ISSINCR and tcp_iss. 2000-09-29 01:37:19 +00:00
tcp_subr.c <sys/queue.h> makeover. 2001-03-16 20:00:53 +00:00
tcp_timer.c Use more aggressive retransmit timeouts for the initial SYN packet. 2001-02-26 21:33:55 +00:00
tcp_timer.h
tcp_timewait.c <sys/queue.h> makeover. 2001-03-16 20:00:53 +00:00
tcp_usrreq.c Unbreak LINT. 2001-03-12 02:57:42 +00:00
tcp_var.h Remove in_pcbnotify and use in_pcblookup_hash to find the cb directly. 2001-02-26 21:19:47 +00:00
tcp.h o Minor style(9)ism to make consistent with -STABLE 2001-01-09 18:26:17 +00:00
tcpip.h Remove struct full_tcpiphdr{}. 2001-02-26 20:10:16 +00:00
udp_usrreq.c Count and show incoming UDP datagrams with no checksum. 2001-03-13 13:26:06 +00:00
udp_var.h remove unused data structure definition, and corresponding macro into*() 2001-02-18 07:10:03 +00:00
udp.h