On 16.01.2014 22:04, John-Mark Gurney wrote: > Alexander V. Chernikov wrote this message on Thu, Jan 16, 2014 at 11:50 +0000: >> Author: melifaro >> Date: Thu Jan 16 11:50:00 2014 >> New Revision: 260702 >> URL: http://svnweb.freebsd.org/changeset/base/260702 >> >> Log: >> Fix ipfw fwd for IPv4 traffic broken by r249894. >> >> Problem case: >> Original lookup returns route with GW set, so gw points to >> rte->rt_gateway. >> After that we're changing dst and performing lookup another time. >> Since fwd host is most probably directly reachable, resulting >> rte does not contain rt_gateway, so gw is not set. Finally, we >> end with packet transmitted to proper interface but wrong >> link-layer address. >> >> Found by: lstewart >> Discussed with: ae,lstewart >> MFC after: 2 weeks >> Sponsored by: Yandex LLC > > This may be needed for 10.0 as this sounds suspiciously familar to > the recent multicast code that was fixed too... I'll be happy if this can happen, but that's too late :( > > It sounds like someone needs to audit this code to verify that there > are no other code paths that can break because of this. glebius@ did some kind of, but that didn't bring us forward :) >
signature.asc
Description: OpenPGP digital signature
