Date: Tue, 23 Nov 2010 16:21:35 +0800 From: Adrian Chadd <adrian.chadd@gmail.com> To: FreeBSD Net <freebsd-net@freebsd.org> Cc: Luigi Rizzo <rizzo@iet.unipi.it> Subject: Re: ipfw and bridge: unaligned payload pointers panicing perfectly performing MIPS boxes Message-ID: <AANLkTikrfWi9LgX8qKD85o6NTZo89iZF1QsQpLnHgAsU@mail.gmail.com> In-Reply-To: <AANLkTi=qr1-m%2Bq=QMFNAMjM_i_wPgNXsPQ%2B6rfN_tc2L@mail.gmail.com> References: <AANLkTi=qr1-m%2Bq=QMFNAMjM_i_wPgNXsPQ%2B6rfN_tc2L@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi again, bz and I have done a bit of sleuthing. There's a few problems! Firstly - bridge_pfil() in sys/net/if_bridge.c calls a couple of functions to check the validity and alignment of ipv4/ipv6 packets (ie, bridge_ip_checkbasic() and bridge_ip6_checkbasic().) But bridge_ip6_checkbasic() is only called if the kernel is compiled with INET6. This MIPS platform I'm working on currently doesn't have INET6 compiled in, so: * IPv6 packet arrives in if_bridge * It doesn't get passed to bridge_ip6_checkbasic() * It gets punted to ipfw_chk() (I have net.link.bridge.ipfw set to 1) * ipfw_chk() sees the ethertype being IPv6 so it does the check whether the IP header version is IPv6 = but at that stage (struct ip *) ip is unaligned and an exception occurs. The fix - compile in INET6. :-/ I'd like to not rely on that though! Secondly - other misaligned packets were sneaking in. That's fine for now - the payload shouldn't be being fondled. But the ethertype was garbage. What bz and I found is that it's a SNAP packet (the ethertype being 0x001b) and although if_bridge.c::bridge_pfil() strips the SNAP header from the mbuf, the copy of the ethernet header it passes to ipfw_chk() still has the old ethertype set. Suggestion - when stripping off the SNAP header, set eh2.ether_type to the "correct" ether type, rather than the SNAP length field. 2c, Adrian Adrian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTikrfWi9LgX8qKD85o6NTZo89iZF1QsQpLnHgAsU>