author | 2017-11-13 01:24:09 +0000 | |
---|---|---|
committer | 2017-11-13 01:24:09 +0000 | |
commit | 362ce9b238c400e2dcfd212d7874f1f0cd799cc1 (patch) | |
tree | fab48428c1ae92d86c4572f180041234208377b7 | |
parent | Remove HN_DIR variable and expand it in the only place it was used. It (diff) | |

remove the ability for pf_ouraddr to say that a packet is forwarded.

having pf_ouraddr say a packet is forwarded lets in_ouraddr avoid
doing a route lookup for the packet. however, because it is forwarded
we need to do a route lookup in ip_output anyway to know where it
goes.

in_ouraddr does a bunch of extra checks on the result of the route
lookup that ip_output does not do though, including special handling
of ip_directedbroadcast and M_BCAST. if you have directed broadcast
enabled and do not do these checks, the ethernet layer will loop a
copy of broadcast packets back into the stack recursively which
can blow the thread stack in the kernel.

discussed with jmatthew@, sashan@, and henning@
ok mpi@

diagnosing this led to the enabling of a guard page on amd64 kernel
stacks, which was necessary for correctly identifying this problem.

-rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 27cd34c3b52..cf8cdc08674 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1043 2017/10/31 22:05:12 sashan Exp $ */ +/* $OpenBSD: pf.c,v 1.1044 2017/11/13 01:24:09 dlg Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -7089,10 +7089,6 @@ pf_ouraddr(struct mbuf *m) if (sk != NULL) { if (sk->inp != NULL) return (1); - - /* If we have linked state keys it is certainly forwarded. */ - if (sk->reverse != NULL) - return (0); } return (-1); |
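
Review bot: In the pf_ouraddr hunk at line 7089, nothing left in the code records why a state key with a non-NULL sk->reverse now falls through to `return (-1);`, so the shortcut could easily be reintroduced later as an optimisation. Suggest a short comment above the final return saying that linked state keys are deliberately left to in_ouraddr, so that its route lookup and the ip_directedbroadcast and M_BCAST checks still run. Of the returns visible in this hunk only 1 and -1 remain; if no other path in pf_ouraddr returns 0, the callers' handling of that value could be removed in a follow-up. As a style point, the outer `if (sk != NULL) {` now wraps a single nested if and could be folded into one condition.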