Date: Tue, 26 Nov 2002 14:13:59 +0100 From: Fabien THOMAS <fabien.thomas@netasq.com> To: freebsd-net@freebsd.org Subject: bpf_tap problem with PKTHDR Message-ID: <127338536921.20021126141359@netasq.com>
next in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format.
------------F117315228876ED6
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
It seems there is a problem in the bpf_mtap code:
Actually the code assume in the seesent case that mbuf will have a pkthdr structure.
There is 2 problems here:
+ they did not check for that with (m_flag & M_PKTHDR)
+ at the upper level the caller forge fake mbuf that did not
contain any pkthdr and did not initialize the m_flags field
what do you think about that ?
if_ethersubr.c case:
/* Check for a BPF tap */
if (ifp->if_bpf != NULL) {
struct m_hdr mh;
/* This kludge is OK; BPF treats the "mbuf" as read-only */
mh.mh_next = m;
mh.mh_data = (char *)eh;
mh.mh_len = ETHER_HDR_LEN;
bpf_mtap(ifp, (struct mbuf *)&mh);
}
bpf_mtap function:
/*
* Incoming linkage from device drivers, when packet is in an mbuf chain.
*/
void
bpf_mtap(ifp, m)
struct ifnet *ifp;
struct mbuf *m;
{
struct bpf_if *bp = ifp->if_bpf;
struct bpf_d *d;
u_int pktlen, slen;
struct mbuf *m0;
pktlen = 0;
for (m0 = m; m0 != 0; m0 = m0->m_next)
pktlen += m0->m_len;
for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
continue;
++d->bd_rcount;
slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
if (slen != 0)
catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy);
}
}
fabien
------------F117315228876ED6
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIIGRgYJKoZIhvcNAQcCoIIGNzCCBjMCAQMxCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCBHEw
ggRtMIIDVaADAgECAgEEMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYDVQQGEwJGUjENMAsGA1UECBME
Tm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNVBAoTJU5FVEFTUSAtIFNlY3Vy
ZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5FVEFTUSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eTAeFw0wMjAyMTkxNDQ4NDRaFw0wMzAyMTkxNDQ4NDRaMIHSMQswCQYDVQQGEwJGUjEN
MAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNVBAoTJU5ldEFz
cSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5ldEFzcSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTEWMBQGA1UEAxMNRmFiaWVuIFRIT01BUzEnMCUGCSqGSIb3DQEJARYY
ZmFiaWVuLnRob21hc0BuZXRhc3EuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnmO6H
h5Nm3OOE7+k3zSP3/cWDBGbxVh5PInSwQeKW43cKKE0MH8Y5erHIhVVchaMRsvxBfJrB6T8s2vGN
l+ZRnFVP2Ug8+xLYFFJONlkY1YnHTZJ/VGx/lsf2ZDR7ZKqgcnuvbrLra4Np062oED1xwEpzbJnT
emmbOGTqscUvcwIDAQABo4IBDzCCAQswCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYE
FLJEqzTrOFxg8EONNUey1yGm2kWjMIG+BgNVHSMEgbYwgbOAFCcq6x3ZRNo6F3NqCSAgySWo+X+y
oYGXpIGUMIGRMQswCQYDVQQGEwJGUjENMAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2
ZSBkJ0FzY3ExLjAsBgNVBAoTJU5FVEFTUSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkx
JzAlBgNVBAsTHk5FVEFTUSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADARBglghkgBhvhCAQEE
BAMCBaAwDQYJKoZIhvcNAQEFBQADggEBAERHjAkf5L/cZH/n0GTKyptbyr4ro7aGfOFyvyTCxeDN
kL3v4gtD2itXx88JbThmsAHAiECjWhI8AUTBRsEpcPa9zbbQEnQqX+cdLnvgaZjCpAErSbrR3TN1
ToSahIFXYc5Ao+1K0fwMdZSmjbPS7J0gZPWdqLLFf214qOmMxAaw3zGRnSmcMUbwKGbfcyMT0KsK
7u82raxnKSgk/VzUzS26aXPbRHW4RguHOY40RLyyZJDjG883uBeOaOLvmmov5eFpcdkHlGav4wun
0ARGo1N/PUo+UntWkzPNWD1EXRxOE0iz3n7Bb8NwlS6A339TSi5lw14SfvbCg28QTfVGFKMxggGd
MIIBmQIBATCBlzCBkTELMAkGA1UEBhMCRlIxDTALBgNVBAgTBE5vcmQxGjAYBgNVBAcTEVZpbGxl
bmV1dmUgZCdBc2NxMS4wLAYDVQQKEyVORVRBU1EgLSBTZWN1cmUgSW50ZXJuZXQgQ29ubmVjdGl2
aXR5MScwJQYDVQQLEx5ORVRBU1EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCAQQwCQYFKw4DAhoF
AKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwIwYJKoZIhvcNAQkEMRYEFJMkB5vmkCWo4YI6
vZxv+2zrWFYuMBwGCSqGSIb3DQEJBTEPFw0wMjExMjYxMzEzNTlaMA0GCSqGSIb3DQEBAQUABIGA
A21tb6zGLw2YBM+0Yp6IeZmlJocm5miovKt+NQq3rt2f4vqkKCkNDq62gh0+42Wai0PYlu2J8q38
HUY5VYE6ReOUElCbsV/dTMXN+FUD4g/S/ekWw9kKNjOGfu0+UcTVij3fUu8r7isuja2ZjFdBfAV/
8o8883esKpNVbrvPN24=
------------F117315228876ED6--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?127338536921.20021126141359>