Packets from ipfw come with IP header in host byte order. Netgraph works

with net byte order. Change byte order to net in ng_ipfw_input(), change
byte order to host before ip_output(), do not change before ip_input().

In collaboration with:	ru

1 files changed, 12 insertions, 9 deletions

diff --git a/sys/netgraph/ng_ipfw.c b/sys/netgraph/ng_ipfw.c
index b70c8d76b2f2..e7325dc70ee2 100644
--- a/sys/netgraph/ng_ipfw.c
+++ b/sys/netgraph/ng_ipfw.c
@@ -228,19 +228,17 @@ ng_ipfw_rcvdata(hook_p hook, item_p item)
 
 	switch (ngit->dir) {
 	case NG_IPFW_OUT:
-		return ip_output(m, NULL, NULL, ngit->flags, NULL, NULL);
+	    {
+		struct ip *ip = mtod(m, struct ip *);
 
-	case NG_IPFW_IN:
-	 {
-		struct ip *ip;
+		ip->ip_len = ntohs(ip->ip_len);
+		ip->ip_off = ntohs(ip->ip_off);
 
-		ip = mtod(m, struct ip *);
-		ip->ip_len = htons(ip->ip_len);
-		ip->ip_off = htons(ip->ip_off);
+		return ip_output(m, NULL, NULL, ngit->flags, NULL, NULL);
+	    }
+	case NG_IPFW_IN:
 		ip_input(m);
-
 		return (0);
-	 }
 	default:
 		panic("ng_ipfw_rcvdata: bad dir %u", ngit->dir);
 	}	
@@ -254,6 +252,7 @@ ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee)
 {
 	struct mbuf *m;
 	struct ng_ipfw_tag *ngit;
+	struct ip *ip;
 	hook_p	hook;
 	int error = 0;
 
@@ -292,6 +291,10 @@ ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee)
 		if ((m = m_dup(*m0, M_DONTWAIT)) == NULL)
 			return (ENOMEM);	/* which is ignored */
 
+	ip = mtod(m, struct ip *);
+	ip->ip_len = htons(ip->ip_len);
+	ip->ip_off = htons(ip->ip_off);
+
 	NG_SEND_DATA_ONLY(error, hook, m);
 
 	return (error);