Re: kern/52074: -current npf map directive broken

To: Frank Kardel <kardel%netbsd.org@localhost>, roy%netbsd.org@localhost
Subject: Re: kern/52074: -current npf map directive broken
From: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Date: Sun, 7 May 2017 17:28:04 +0100

>  The condition in 620 currently is (see if()):
>       ia = in_get_ia_psref(ip->ip_src, &psref_ia);
>  
>       /* Ensure we only send from a valid address. */==>
>       if ((ia != NULL || (flags & IP_FORWARDING) == 0) && <<<<!
>           (error = ip_ifaddrvalid(ia)) != 0)
>       {
>           ARPLOG(LOG_ERR,
>               "refusing to send from invalid address %s (pid %d)\n",
>               ARPLOGADDR(ip->ip_src), curproc->p_pid);
>           IP_STATINC(IP_STAT_ODROPPED);
>           if (error == 1)
>               /*
>                * Address exists, but is tentative or detached.
>                * We can't send from it because it's invalid,
>                * so we drop the packet.
>                */
>               error = 0;
>           else
>               error = EADDRNOTAVAIL;
>           goto bad;
>       }
>  
>  Proposed fix is to replace the || inf the if with && as this also seems 
>  to have been the original intention by the author.

Good catch.

Looks like the regression was introduced 7 months ago, as part of the
ip_output.c rev 1.261.  Roy, would you like to have a look into this?

-- 
Mindaugas

Follow-Ups:
- Re: kern/52074: -current npf map directive broken
  - From: Roy Marples

Prev by Date: Re: bin/52216: Make update: PKG_PATH error
Next by Date: PR/52074 CVS commit: src/sys/netinet
Previous by Thread: Re: kern/52074: -current npf map directive broken
Next by Thread: Re: kern/52074: -current npf map directive broken
Indexes:

Home | Main Index | Thread Index | Old Index