freebsd-nq/sys
Ruslan Ermilov 4078ffb154 Make sure the cached forwarding route (ipforward_rt) is still up before
using it.  Not checking this may have caused the wrong IP address to be
used when processing certain IP options (see example below).  This also
caused the wrong route to be passed to ip_output() when forwarding, but
fortunately ip_output() is smart enough to detect this.

This example demonstrates the wrong behavior of the Record Route option
observed with this bug.  Host ``freebsd'' is acting as the gateway for
the ``sysv''.

1. On the gateway, we add the route to the destination.  The new route
   will use the primary address of the loopback interface, 127.0.0.1:

:  freebsd# route add 10.0.0.66 -iface lo0 -reject
:  add host 10.0.0.66: gateway lo0

2. From the client, we ping the destination.  We see the correct replies.
   Please note that this also causes the relevant route on the ``freebsd''
   gateway to be cached in ipforward_rt variable:

:  sysv# ping -snv 10.0.0.66
:  PING 10.0.0.66: 56 data bytes
:  ICMP Host Unreachable from gateway 192.168.0.115
:  ICMP Host Unreachable from gateway 192.168.0.115
:  ICMP Host Unreachable from gateway 192.168.0.115
:
:  ----10.0.0.66 PING Statistics----
:  3 packets transmitted, 0 packets received, 100% packet loss

3. On the gateway, we delete the route to the destination, thus making
   the destination reachable through the `default' route:

:  freebsd# route delete 10.0.0.66
:  delete host 10.0.0.66

4. From the client, we ping destination again, now with the RR option
   turned on.  The surprise here is the 127.0.0.1 in the first reply.
   This is caused by the bug in ip_rtaddr() not checking the cached
   route is still up befor use.  The debug code also shows that the
   wrong (down) route is further passed to ip_output().  The latter
   detects that the route is down, and replaces the bogus route with
   the valid one, so we see the correct replies (192.168.0.115) on
   further probes:

:  sysv# ping -snRv 10.0.0.66
:  PING 10.0.0.66: 56 data bytes
:  64 bytes from 10.0.0.66: icmp_seq=0. time=10. ms
:    IP options:  <record route> 127.0.0.1, 10.0.0.65, 10.0.0.66,
:                                192.168.0.65, 192.168.0.115, 192.168.0.120,
:                                0.0.0.0(Current), 0.0.0.0, 0.0.0.0
:  64 bytes from 10.0.0.66: icmp_seq=1. time=0. ms
:    IP options:  <record route> 192.168.0.115, 10.0.0.65, 10.0.0.66,
:                                192.168.0.65, 192.168.0.115, 192.168.0.120,
:                                0.0.0.0(Current), 0.0.0.0, 0.0.0.0
:  64 bytes from 10.0.0.66: icmp_seq=2. time=0. ms
:    IP options:  <record route> 192.168.0.115, 10.0.0.65, 10.0.0.66,
:                                192.168.0.65, 192.168.0.115, 192.168.0.120,
:                                0.0.0.0(Current), 0.0.0.0, 0.0.0.0
:
:  ----10.0.0.66 PING Statistics----
:  3 packets transmitted, 3 packets received, 0% packet loss
:  round-trip (ms)  min/avg/max = 0/3/10
2001-03-18 13:04:07 +00:00
..
alpha Use a generic implementation of the Fowler/Noll/Vo hash (FNV hash). 2001-03-17 09:31:06 +00:00
amd64 Remove the now defunct ATA_ENABLE* options 2001-03-16 11:52:25 +00:00
arm/include Correct disordering which is corresponding to bde's fix to 2001-02-17 14:51:11 +00:00
boot Don't set the gateway address if the netmask is zero or we're on 2001-03-14 23:53:25 +00:00
cam Fix inquiry length detection for the ses(4) driver. It was using the 2001-03-16 22:16:54 +00:00
coda Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
compat Eliminate global node types and instead use an operations vector for 2001-03-12 03:16:56 +00:00
compile
conf Add the AAC_DEBUG option to enable debugging in the aac driver. 2001-03-17 00:09:47 +00:00
contrib/dev Move configuration of work_memory to oltr_init() rather than 2001-03-08 01:38:58 +00:00
crypto Kernel crypto need binary key material, not symbolic ascii. 2001-03-10 13:02:58 +00:00
ddb Use macro API for <sys/queue.h> 2000-12-30 22:06:19 +00:00
dev destroy child devices on detach to prevent ever-increasing numbers of 2001-03-17 16:04:25 +00:00
fs o Change the API and ABI of the Extended Attribute kernel interfaces to 2001-03-15 02:54:29 +00:00
geom Fix a braino in ccd's clone routine. 2001-01-29 06:18:14 +00:00
gnu Fixes to track snapshot copy-on-write checking in the specinfo 2001-03-07 07:09:55 +00:00
i4b Preceed/preceeding are not english words. Use precede or preceding. 2001-02-18 10:25:42 +00:00
i386 Use a generic implementation of the Fowler/Noll/Vo hash (FNV hash). 2001-03-17 09:31:06 +00:00
ia64 Use a generic implementation of the Fowler/Noll/Vo hash (FNV hash). 2001-03-17 09:31:06 +00:00
isa Always call resource_int_value function for getting portsize and msize. 2001-03-17 04:23:12 +00:00
isofs/cd9660 Add missed MODULE_VERSION() call, so loading of unicode conversion routine 2001-03-11 15:28:42 +00:00
kern Fix a couple of things in the internal mbuf allocation interface: 2001-03-17 23:23:24 +00:00
libkern RIP <machine/lock.h>. 2001-02-11 10:44:09 +00:00
miscfs o Change the API and ABI of the Extended Attribute kernel interfaces to 2001-03-15 02:54:29 +00:00
modules Fix the building of the aac driver as a module. Add a comment about enabling 2001-03-17 04:42:33 +00:00
msdosfs Grab the process lock while calling psignal and before calling psignal. 2001-03-07 03:37:06 +00:00
net - Add iso88025_ifdetach(). 2001-03-18 05:43:25 +00:00
netatalk Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
netatm Preceed/preceeding are not english words. Use precede and preceding. 2001-02-18 10:43:53 +00:00
netgraph netgraph.h: 2001-03-10 16:31:00 +00:00
netinet Make sure the cached forwarding route (ipforward_rt) is still up before 2001-03-18 13:04:07 +00:00
netinet6 nuke IPSEC_SRCSEL which does not do the right thing. 2001-03-16 17:52:48 +00:00
netipx Another round of the <sys/queue.h> FOREACH transmogriffer. 2001-02-04 16:08:18 +00:00
netkey fixed possibility of panic at key_acquire(). 2001-01-14 17:25:08 +00:00
netnatm Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
netncp Major update of NCP requester: 2001-03-10 05:24:45 +00:00
netns * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. 2000-12-21 21:44:31 +00:00
nfs Use a generic implementation of the Fowler/Noll/Vo hash (FNV hash). 2001-03-17 09:31:06 +00:00
nfsclient Use a generic implementation of the Fowler/Noll/Vo hash (FNV hash). 2001-03-17 09:31:06 +00:00
nfsserver Use a generic implementation of the Fowler/Noll/Vo hash (FNV hash). 2001-03-17 09:31:06 +00:00
ntfs Reviewed by: jlemon 2001-03-01 21:00:17 +00:00
nwfs Do not kill vnodes after rename. This can cause deadlocks in the deadfs. 2001-03-11 11:51:42 +00:00
pc98 Merged from sys/i386/conf/GENERIC revision 1.305 (moved the fxp driver 2001-03-17 14:04:24 +00:00
pccard Move ti1031 to the 16-bit bridge section 2001-02-07 01:16:40 +00:00
pci Add a placeholder for the ServerWorks OSB4 device id. The SMBus 2001-03-15 06:56:51 +00:00
posix4 Lock need_resched with sched_lock. 2001-02-22 13:46:09 +00:00
powerpc Use a generic implementation of the Fowler/Noll/Vo hash (FNV hash). 2001-03-17 09:31:06 +00:00
rpc
svr4 This patchset fixes a large number of file descriptor race conditions. 2000-11-18 21:01:04 +00:00
sys Add a new entrypoint to the hashes in libmd: 2001-03-17 10:00:50 +00:00
tools Simplify this a bit so that it doesn't have to generate silly redundant 2000-12-06 06:59:38 +00:00
ufs o Caused FFS_EXTATTR_AUTOSTART to scan two sub-directories of ".attribute" 2001-03-18 04:04:23 +00:00
vm Fix a lock reversal problem in the VM subsystem related to threaded 2001-03-14 06:48:53 +00:00
Makefile