From 9bce005e3609df283150201442d49e8714e4b5c3 Mon Sep 17 00:00:00 2001
From: YONETANI Tomokazu <y0netan1@dragonflybsd.org>
Date: Wed, 14 Jun 2006 04:39:05 +0000
Subject: [PATCH] Add a new flag in pkthdr.fw_flag for ipfw2 so as not to abuse
 mbuf flag. We use bit14 of mbuf flag as M_EXT_CLUSTER, which is not supposed
 to be set without M_EXT, so abusing this bit resulted in a panic in m_free().

Suggested-by: joerg@
Ok: dillon@
---
 sys/net/ipfw/ip_fw2.c | 14 +++-----------
 sys/sys/mbuf.h        |  3 ++-
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/sys/net/ipfw/ip_fw2.c b/sys/net/ipfw/ip_fw2.c
index 0a924a87eb..083d770053 100644
--- a/sys/net/ipfw/ip_fw2.c
+++ b/sys/net/ipfw/ip_fw2.c
@@ -23,7 +23,7 @@
  * SUCH DAMAGE.
  *
  * $FreeBSD: src/sys/netinet/ip_fw2.c,v 1.6.2.12 2003/04/08 10:42:32 maxim Exp $
- * $DragonFly: src/sys/net/ipfw/ip_fw2.c,v 1.17 2005/06/17 19:12:19 dillon Exp $
+ * $DragonFly: src/sys/net/ipfw/ip_fw2.c,v 1.18 2006/06/14 04:39:05 y0netan1 Exp $
  */
 
 #define        DEB(x)
@@ -77,14 +77,6 @@
 
 #include <netinet/if_ether.h> /* XXX for ETHERTYPE_IP */
 
-/*
- * XXX This one should go in sys/mbuf.h. It is used to avoid that
- * a firewall-generated packet loops forever through the firewall.
- */
-#ifndef	M_SKIP_FIREWALL
-#define M_SKIP_FIREWALL         0x4000
-#endif
-
 /*
  * set_disable contains one bit per set value (0..31).
  * If the bit is set, all rules with the corresponding set
@@ -1120,7 +1112,7 @@ send_pkt(struct ipfw_flow_id *id, u_int32_t seq, u_int32_t ack, int flags)
 	ip->ip_len = m->m_pkthdr.len;
 	bzero (&sro, sizeof (sro));
 	ip_rtaddr(ip->ip_dst, &sro);
-	m->m_flags |= M_SKIP_FIREWALL;
+	m->m_pkthdr.fw_flags |= IPFW_MBUF_SKIP_FIREWALL;
 	ip_output(m, NULL, &sro, 0, NULL, NULL);
 	if (sro.ro_rt)
 		RTFREE(sro.ro_rt);
@@ -1296,7 +1288,7 @@ ipfw_chk(struct ip_fw_args *args)
 	int dyn_dir = MATCH_UNKNOWN;
 	ipfw_dyn_rule *q = NULL;
 
-	if (m->m_flags & M_SKIP_FIREWALL)
+	if (m->m_pkthdr.fw_flags & IPFW_MBUF_SKIP_FIREWALL)
 		return 0;	/* accept */
 	/*
 	 * dyn_dir = MATCH_UNKNOWN when rules unchecked,
diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h
index b33003d6c0..db9c9fa1b7 100644
--- a/sys/sys/mbuf.h
+++ b/sys/sys/mbuf.h
@@ -34,7 +34,7 @@
  *
  *	@(#)mbuf.h	8.5 (Berkeley) 2/19/95
  * $FreeBSD: src/sys/sys/mbuf.h,v 1.44.2.17 2003/04/15 06:15:02 silby Exp $
- * $DragonFly: src/sys/sys/mbuf.h,v 1.35 2006/05/21 03:43:47 dillon Exp $
+ * $DragonFly: src/sys/sys/mbuf.h,v 1.36 2006/06/14 04:39:05 y0netan1 Exp $
  */
 
 #ifndef _SYS_MBUF_H_
@@ -234,6 +234,7 @@ struct mbuf {
 				0x00000008
 #define	PF_MBUF_FRAGCACHE	0x00000010
 #define	ALTQ_MBUF_TAGGED	0x00000020	/* altq_qid is valid */
+#define	IPFW_MBUF_SKIP_FIREWALL	0x00000040
 
 /*
  * mbuf types.
-- 
2.41.0