From nobody@FreeBSD.org  Thu Feb 23 15:04:44 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A141C16A420
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 23 Feb 2006 15:04:44 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6D52543D53
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 23 Feb 2006 15:04:43 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k1NF4g4r000414
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 23 Feb 2006 15:04:42 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k1NF4gu7000413;
	Thu, 23 Feb 2006 15:04:42 GMT
	(envelope-from nobody)
Message-Id: <200602231504.k1NF4gu7000413@www.freebsd.org>
Date: Thu, 23 Feb 2006 15:04:42 GMT
From: Joerg Pernfuss <elessar@bsdforen.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] dummynet changes ip_id, breaking fragment reassembly
X-Send-Pr-Version: www-2.3

>Number:         93754
>Category:       kern
>Synopsis:       [inet] [patch] dummynet changes ip_id, breaking fragment reassembly
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    glebius
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 23 15:10:02 GMT 2006
>Closed-Date:    Mon Feb 27 17:25:23 GMT 2006
>Last-Modified:  Mon Feb 27 17:25:23 GMT 2006
>Originator:     Joerg Pernfuss
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
>Description:
"When forwarding fragmented packets through a dummynet pipe (ip_input -> ip_forward -> ip_output -> pipe -> ip_output) the last ip_output() in the chain that does the actual IP delivery sets ip_id of all fragments to different values, making it impossible to reassemble the packet at receive side."
(Taken from ru@'s description of the releng_6 patch)

A patch for RELENG_6 was already committed. The patch below is based on that commit, stripped of the ipv6 case (releng_5 has no dummynet ipv6) and the netgraph stuff (netgraph/ng_ipfw.[ch] was introduced with releng_6).

The problem was raised on de-bsd-questions@, i run 6.0-STABLE, so no uname(1) provided.
>How-To-Repeat:
Send fragmented ip packets through a dummynet pipe.
>Fix:
Either:
a) update your system to releng_6 after 2006-02-17 (problem was fixed there)

b) apply the following patch:
   cd /sys/inet; patch < /location/of/patch;
   rebuild your kernel, reboot

--- ip_dummynet.c       Tue Feb 21 01:01:23 2006
+++ ip_dummynet.c       Tue Feb 21 01:13:00 2006
@@ -453,7 +453,7 @@
        DUMMYNET_UNLOCK();
        switch (pkt->dn_dir) {
        case DN_TO_IP_OUT:
-           (void)ip_output(m, NULL, NULL, pkt->flags, NULL, NULL);
+           (void)ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
            break ;
 
        case DN_TO_IP_IN :
@@ -1128,7 +1128,6 @@
  *             NULL in ip_input, destination interface in ip_output,
  *             real_dst in bdg_forward
  * rule                matching rule, in case of multiple passes
- * flags       flags from the caller, only used in ip_output
  *
  */
 static int
@@ -1212,8 +1211,6 @@
     pkt->dn_dir = dir ;
 
     pkt->ifp = fwa->oif;
-    if (dir == DN_TO_IP_OUT)
-       pkt->flags = fwa->flags;
     if (q->head == NULL)
        q->head = m;
     else
--- ip_dummynet.h       Tue Feb 21 01:24:10 2006
+++ ip_dummynet.h       Tue Feb 21 01:28:26 2006
@@ -129,7 +129,6 @@
 
     dn_key output_time;                /* when the pkt is due for delivery     */
     struct ifnet *ifp;         /* interface, for ip_output             */
-    int flags ;                        /* flags, for ip_output (IPv6 ?)        */
 };
 #endif /* _KERNEL */
 
--- ip_fw.h     Tue Feb 21 01:25:14 2006
+++ ip_fw.h     Tue Feb 21 01:26:16 2006
@@ -435,8 +435,6 @@
        struct ip_fw    *rule;          /* matching rule                */
        struct ether_header *eh;        /* for bridged packets          */
 
-       int flags;                      /* for dummynet                 */
-
        struct ipfw_flow_id f_id;       /* grabbed from IP header       */
        u_int32_t       retval;
        struct inpcb    *inp;

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->ru 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Sun Feb 26 11:37:56 UTC 2006 
Responsible-Changed-Why:  
Let Ruslan merge to RELENG_5, too. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93754 
State-Changed-From-To: open->closed 
State-Changed-By: glebius 
State-Changed-When: Mon Feb 27 17:23:44 UTC 2006 
State-Changed-Why:  
Merged to RELENG_5. Thanks! 


Responsible-Changed-From-To: ru->glebius 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Mon Feb 27 17:23:44 UTC 2006 
Responsible-Changed-Why:  
Merged to RELENG_5. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93754 
>Unformatted:
