tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/sys/external/bsd/ipf/netinet

I know we're supposed to use npf and all, but...

> Module Name:	src
> Committed By:	christos
> Date:		Fri Aug  5 09:06:52 UTC 2016
> Modified Files:
> 	src/sys/external/bsd/ipf/netinet: fil.c
> Log Message:
> partial sync with FreeBSD
This commit made the following change to src/sys/external/bsd/ipf/netinet/fil.c:
@@ -1685,7 +1709,7 @@ ipf_pr_ipv4hdr(fr_info_t *fin)
        fin->fin_crc += fi->fi_saddr;
        fi->fi_daddr = ip->ip_dst.s_addr;
        fin->fin_crc += fi->fi_daddr;
-       if (IN_CLASSD(fi->fi_daddr))
+       if (IN_CLASSD(ntohl(fi->fi_daddr)))
                fin->fin_flx |= FI_MULTICAST|FI_MBCAST;

This leads to addresses like being wrongly considered
multicast (being byte-order reversed versions of what would actually
be mcast addrs), therefore not matching my filter rules and therefore
not adding anything to the state table and /there/fore breaking
connectivity to anyone unlucky enough to have such an IP address.

(Found this in 8.0_BETA)

Timo Buhrmester

Home | Main Index | Thread Index | Old Index