11.1/ipfilter-local-output-tcp-checksum.diff - freebsd-patches - Rivoreo Source Code Repositories

 Make fastroute for local output TCP packets work.

 diff -ru --exclude-from freebsd-src-diff-exclude-names /usr/src/sys/contrib/ipfilter/netinet/fil.c freebsd-11.1/sys/contrib/ipfilter/netinet/fil.c
 --- /usr/src/sys/contrib/ipfilter/netinet/fil.c	2017-07-21 07:41:56.000000000 +0800
 +++ freebsd-11.1/sys/contrib/ipfilter/netinet/fil.c	2020-01-26 00:06:12.922137000 +0800
 @@ -3242,6 +3242,25 @@
  		} else if ((fdp != NULL) && (fdp->fd_ptr != NULL) &&
  			   (fdp->fd_ptr != (struct ifnet *)-1)) {
  			/* this is for to rules: */
 +			if(out && fin->fin_p == IPPROTO_TCP) {
 +				uint16_t *sum = &((tcphdr_t *)fin->fin_dp)->th_sum;
 +#ifdef __FreeBSD_kernel__
 +				/* Local local output TCP packets in kFreeBSD
 +				 * will have a pseudo header checksum already
 +				 * calculated; the final checksum must be
 +				 * calculated again here.
 +				 */
 +				if(*sum == in_pseudo(fin->fin_ip->ip_src.s_addr,
 +				  fin->fin_ip->ip_dst.s_addr,
 +				  htons(IPPROTO_TCP + ntohs(fin->fin_ip->ip_len) - fin->fin_hlen))) {
 +					*sum = 0;
 +				}
 +#endif
 +				if(!*sum) {
 +					*sum = fr_cksum(fin, fin->fin_ip,
 +						IPPROTO_TCP, fin->fin_dp);
 +				}
 +			}
  			ipf_fastroute(fin->fin_m, mp, fin, fdp);
  			m = *mp = NULL;
  		}
 diff -ru --exclude-from freebsd-src-diff-exclude-names /usr/src/sys/contrib/ipfilter/netinet/ip_compat.h freebsd-11.1/sys/contrib/ipfilter/netinet/ip_compat.h
 --- /usr/src/sys/contrib/ipfilter/netinet/ip_compat.h	2017-07-21 07:41:56.000000000 +0800
 +++ freebsd-11.1/sys/contrib/ipfilter/netinet/ip_compat.h	2020-01-26 00:06:12.925665000 +0800
 @@ -117,6 +117,10 @@
  /* ----------------------------------------------------------------------- */
  /*                                F R E E B S D                            */
  /* ----------------------------------------------------------------------- */
 +#if defined __FreeBSD__ && !defined __FreeBSD_kernel__
 +#define __FreeBSD_kernel__ 1
 +#endif
 +//#ifdef __FreeBSD_kernel__
  # define HAS_SYS_MD5_H	1
  # if defined(_KERNEL)
  #   include "opt_bpf.h"
 @@ -244,6 +248,7 @@
  typedef	int		minor_t;
  typedef	u_int32_t	u_32_t;
  # define	U_32_T	1
 +//#endif	/* __FreeBSD_kernel__ */


  /* ----------------------------------------------------------------------- */
	Make fastroute for local output TCP packets work.

	diff -ru --exclude-from freebsd-src-diff-exclude-names /usr/src/sys/contrib/ipfilter/netinet/fil.c freebsd-11.1/sys/contrib/ipfilter/netinet/fil.c
	--- /usr/src/sys/contrib/ipfilter/netinet/fil.c 2017-07-21 07:41:56.000000000 +0800
	+++ freebsd-11.1/sys/contrib/ipfilter/netinet/fil.c 2020-01-26 00:06:12.922137000 +0800
	@@ -3242,6 +3242,25 @@
	} else if ((fdp != NULL) && (fdp->fd_ptr != NULL) &&
	(fdp->fd_ptr != (struct ifnet *)-1)) {
	/* this is for to rules: */
	+ if(out && fin->fin_p == IPPROTO_TCP) {
	+ uint16_t sum = &((tcphdr_t )fin->fin_dp)->th_sum;
	+#ifdef __FreeBSD_kernel__
	+ /* Local local output TCP packets in kFreeBSD
	+ * will have a pseudo header checksum already
	+ * calculated; the final checksum must be
	+ * calculated again here.
	+ */
	+ if(*sum == in_pseudo(fin->fin_ip->ip_src.s_addr,
	+ fin->fin_ip->ip_dst.s_addr,
	+ htons(IPPROTO_TCP + ntohs(fin->fin_ip->ip_len) - fin->fin_hlen))) {
	+ *sum = 0;
	+ }
	+#endif
	+ if(!*sum) {
	+ *sum = fr_cksum(fin, fin->fin_ip,
	+ IPPROTO_TCP, fin->fin_dp);
	+ }
	+ }
	ipf_fastroute(fin->fin_m, mp, fin, fdp);
	m = *mp = NULL;
	}
	diff -ru --exclude-from freebsd-src-diff-exclude-names /usr/src/sys/contrib/ipfilter/netinet/ip_compat.h freebsd-11.1/sys/contrib/ipfilter/netinet/ip_compat.h
	--- /usr/src/sys/contrib/ipfilter/netinet/ip_compat.h 2017-07-21 07:41:56.000000000 +0800
	+++ freebsd-11.1/sys/contrib/ipfilter/netinet/ip_compat.h 2020-01-26 00:06:12.925665000 +0800
	@@ -117,6 +117,10 @@
	/* ----------------------------------------------------------------------- */
	/* F R E E B S D */
	/* ----------------------------------------------------------------------- */
	+#if defined __FreeBSD__ && !defined __FreeBSD_kernel__
	+#define __FreeBSD_kernel__ 1
	+#endif
	+//#ifdef __FreeBSD_kernel__
	# define HAS_SYS_MD5_H 1
	# if defined(_KERNEL)
	# include "opt_bpf.h"
	@@ -244,6 +248,7 @@
	typedef int minor_t;
	typedef u_int32_t u_32_t;
	# define U_32_T 1
	+//#endif /* __FreeBSD_kernel__ */


	/* ----------------------------------------------------------------------- */