From owner-freebsd-bugs@FreeBSD.ORG  Sun Apr 27 08:50:01 2008
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4B9381065672
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 27 Apr 2008 08:50:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 27B4B8FC15
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 27 Apr 2008 08:50:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3R8o0VG093040
	for <freebsd-bugs@freefall.freebsd.org>; Sun, 27 Apr 2008 08:50:01 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3R8o03m093039;
	Sun, 27 Apr 2008 08:50:00 GMT (envelope-from gnats)
Resent-Date: Sun, 27 Apr 2008 08:50:00 GMT
Resent-Message-Id: <200804270850.m3R8o03m093039@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Dmitry <hanabana@mail.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2A59F106564A
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun, 27 Apr 2008 08:41:45 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 1895A8FC13
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun, 27 Apr 2008 08:41:45 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m3R8fCEr046393
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 27 Apr 2008 08:41:12 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m3R8fCP4046392;
	Sun, 27 Apr 2008 08:41:12 GMT (envelope-from nobody)
Message-Id: <200804270841.m3R8fCP4046392@www.freebsd.org>
Date: Sun, 27 Apr 2008 08:41:12 GMT
From: Dmitry <hanabana@mail.ru>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: kern/123138: bpf incorrectly determines outgoing routed packets as
	incoming when BIOCSDIRECTION is used
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Apr 2008 08:50:01 -0000


>Number:         123138
>Category:       kern
>Synopsis:       bpf incorrectly determines outgoing routed packets as incoming when BIOCSDIRECTION is used
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 27 08:50:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry
>Release:        7.0-STABLE
>Organization:
home
>Environment:
FreeBSD gw 7.0-STABLE FreeBSD 7.0-STABLE #0: Sun Apr 27 11:29:26 MSD 2008 root@kb:/var/tmp/obj/usr/src/sys/KG  i386
>Description:
BPF_CHECK_DIRECTION macros considers packet as outgoing when it has no receive interface field (rcvif) set. This correct for single homed server but is not enough for router. Packet came from one interface and going out another has rcvif field set even when it passed natd daemon.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

--- src/sys/net/bpf.c.orig	2008-04-23 11:41:21.000000000 +0400
+++ src/sys/net/bpf.c	2008-04-27 11:18:20.000000000 +0400
@@ -1330,9 +1330,9 @@
 	}
 }
 
-#define	BPF_CHECK_DIRECTION(d, i)				\
-	    (((d)->bd_direction == BPF_D_IN && (i) == NULL) ||	\
-	    ((d)->bd_direction == BPF_D_OUT && (i) != NULL))
+#define	BPF_CHECK_DIRECTION(d, i, bpi)				\
+	    (((d)->bd_direction == BPF_D_IN && (i) != (bpi)) ||	\
+	    ((d)->bd_direction == BPF_D_OUT && (i) == (bpi)))
 
 /*
  * Incoming linkage from device drivers, when packet is in an mbuf chain.
@@ -1357,7 +1357,7 @@
 
 	BPFIF_LOCK(bp);
 	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
-		if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif))
+		if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
 			continue;
 		BPFD_LOCK(d);
 		++d->bd_rcount;
@@ -1421,7 +1421,7 @@
 
 	BPFIF_LOCK(bp);
 	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
-		if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif))
+		if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
 			continue;
 		BPFD_LOCK(d);
 		++d->bd_rcount;


>Release-Note:
>Audit-Trail:
>Unformatted: