From owner-freebsd-hackers  Tue Oct 27 00:45:24 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA27243
          for freebsd-hackers-outgoing; Tue, 27 Oct 1998 00:45:24 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from implode.root.com (implode.root.com [198.145.90.17])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA27238
          for <hackers@freebsd.org>; Tue, 27 Oct 1998 00:45:23 -0800 (PST)
          (envelope-from xroot@implode.root.com)
Received: from implode.root.com (localhost [127.0.0.1])
	by implode.root.com (8.8.5/8.8.5) with ESMTP id AAA09535;
	Tue, 27 Oct 1998 00:45:00 -0800 (PST)
Message-Id: <199810270845.AAA09535@implode.root.com>
To: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
cc: hackers@FreeBSD.ORG
Subject: Re: Potential problem with network drivers in promisc mode 
In-reply-to: Your message of "Tue, 27 Oct 1998 07:25:26 +0100."
             <199810270625.HAA03642@labinfo.iet.unipi.it> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Tue, 27 Oct 1998 00:44:59 -0800
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>accept also RUNT pkts and those with bad CRCs. This means that very
>short packets may make it up to the point where the card prepares for
>ether_input(), and the usual action there is something like
>
>	ms->m_pkthdr.len -= sizeof(struct ether_header);
>
>etc.. If m_pkthdr.len < 14, this results in a very large value going
>into m_pkthdr.len (u_short), with all sort of interesting consequences.
...
> * disable RUNT reception when in promisc mode (I am not sure if this
>   is a standard bpf option, or just happens to be implemented in the
>   "ed" driver for convenience);

   I haven't verified this with the NIC spec, but I don't think it will ever
pass packets that are smaller than 14 bytes since the packets must still
conform to the 802.3 spec.
   Still, I think it would be best to check the length and drop the packet
if it is less than 14 bytes. I don't think it is wise to always believe what
the hardware tells you. I do the check in the fxp driver, but I see that
this is an exception for FreeBSD drivers.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message