Subject: kern/10483: ipflow_fastforward() passes incorrect address to if_output (+fix)
To: None <>
From: None <>
List: netbsd-bugs
Date: 06/29/2000 23:39:13
>Number:         10483
>Category:       kern
>Synopsis:       ipflow_fastforward() passes incorrect address to if_output (+fix)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 29 23:40:00 PDT 2000
>Originator:     Zdenek Salvet
>Release:        1.4.2, -current of 6/29/2000
Masaryk University, Brno, Czech Republic
options GATEWAY

  ipflow_fastforward() passes destination address instead of
  the address of the gateway when using route to gateway.
  The address is used to make the ARP requests after ARP table entry expires.
  If it is incorrect, ARP will fail and all traffic using the gateway
  will stop until correct ARP request is triggered (for tens of seconds
  in my situation).


  machine1# route add -host machine2 router1-int1
  router1# route add -host machine2 router2-int1
  machine1# ttcp -t -u machine2
  router1# arp -d router2-int1         
               # or wait until ARP table entry expires (20 min)

  (diff against 1.4.2)

diff -u netinet/ip_flow.c.orig netinet/ip_flow.c
--- netinet/ip_flow.c.orig      Thu Jun 29 19:18:39 2000
+++ netinet/ip_flow.c   Thu Jun 29 19:32:19 2000
@@ -146,6 +146,7 @@
        struct ip *ip;
        struct ipflow *ipf;
        struct rtentry *rt;
+       struct sockaddr *dst;
        int error;
        int iplen;
@@ -226,8 +227,14 @@
        PRT_SLOW_ARM(ipf->ipf_timer, IPFLOW_TIMER);
+       if (rt->rt_flags & RTF_GATEWAY)
+               dst = rt->rt_gateway;
+       else
+               dst = &ipf->ipf_ro.ro_dst;
        if ((error = (*rt->rt_ifp->if_output)(rt->rt_ifp, m,
-           &ipf->ipf_ro.ro_dst, rt)) != 0) {
+           dst, rt)) != 0) {
                if (error == ENOBUFS)