From owner-freebsd-net Tue Nov 26 5:14:51 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6E9A237B404 for ; Tue, 26 Nov 2002 05:14:48 -0800 (PST) Received: from smtp.completel.fr (smtp.completel.fr [213.244.0.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6C7F243E4A for ; Tue, 26 Nov 2002 05:14:37 -0800 (PST) (envelope-from fabien.thomas@netasq.com) Received: from netasq.com (unknown [213.30.137.178]) by smtp.completel.fr (Postfix) with ESMTP id AA66D179D83 for ; Tue, 26 Nov 2002 14:14:25 +0100 (CET) Received: from netasq.com by completel.fr (8.10.1/8.10.1) with ESMTP id gAQDEx223726 for ; Tue, 26 Nov 2002 14:14:59 +0100 (CET) Date: Tue, 26 Nov 2002 14:13:59 +0100 From: Fabien THOMAS X-Mailer: The Bat! (v1.61) Business Organization: NETASQ X-Priority: 3 (Normal) Message-ID: <127338536921.20021126141359@netasq.com> To: freebsd-net@freebsd.org Subject: bpf_tap problem with PKTHDR MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="----------F117315228876ED6" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a cryptographically signed message in MIME format. ------------F117315228876ED6 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, It seems there is a problem in the bpf_mtap code: Actually the code assume in the seesent case that mbuf will have a pkthdr structure. There is 2 problems here: + they did not check for that with (m_flag & M_PKTHDR) + at the upper level the caller forge fake mbuf that did not contain any pkthdr and did not initialize the m_flags field what do you think about that ? if_ethersubr.c case: /* Check for a BPF tap */ if (ifp->if_bpf != NULL) { struct m_hdr mh; /* This kludge is OK; BPF treats the "mbuf" as read-only */ mh.mh_next = m; mh.mh_data = (char *)eh; mh.mh_len = ETHER_HDR_LEN; bpf_mtap(ifp, (struct mbuf *)&mh); } bpf_mtap function: /* * Incoming linkage from device drivers, when packet is in an mbuf chain. */ void bpf_mtap(ifp, m) struct ifnet *ifp; struct mbuf *m; { struct bpf_if *bp = ifp->if_bpf; struct bpf_d *d; u_int pktlen, slen; struct mbuf *m0; pktlen = 0; for (m0 = m; m0 != 0; m0 = m0->m_next) pktlen += m0->m_len; for (d = bp->bif_dlist; d != 0; d = d->bd_next) { if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL)) continue; ++d->bd_rcount; slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0); if (slen != 0) catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy); } } fabien ------------F117315228876ED6 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIGRgYJKoZIhvcNAQcCoIIGNzCCBjMCAQMxCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCBHEw ggRtMIIDVaADAgECAgEEMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYDVQQGEwJGUjENMAsGA1UECBME Tm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNVBAoTJU5FVEFTUSAtIFNlY3Vy ZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5FVEFTUSBDZXJ0aWZpY2F0aW9uIEF1 dGhvcml0eTAeFw0wMjAyMTkxNDQ4NDRaFw0wMzAyMTkxNDQ4NDRaMIHSMQswCQYDVQQGEwJGUjEN MAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNVBAoTJU5ldEFz cSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5ldEFzcSBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eTEWMBQGA1UEAxMNRmFiaWVuIFRIT01BUzEnMCUGCSqGSIb3DQEJARYY ZmFiaWVuLnRob21hc0BuZXRhc3EuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnmO6H h5Nm3OOE7+k3zSP3/cWDBGbxVh5PInSwQeKW43cKKE0MH8Y5erHIhVVchaMRsvxBfJrB6T8s2vGN l+ZRnFVP2Ug8+xLYFFJONlkY1YnHTZJ/VGx/lsf2ZDR7ZKqgcnuvbrLra4Np062oED1xwEpzbJnT emmbOGTqscUvcwIDAQABo4IBDzCCAQswCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYE FLJEqzTrOFxg8EONNUey1yGm2kWjMIG+BgNVHSMEgbYwgbOAFCcq6x3ZRNo6F3NqCSAgySWo+X+y oYGXpIGUMIGRMQswCQYDVQQGEwJGUjENMAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2 ZSBkJ0FzY3ExLjAsBgNVBAoTJU5FVEFTUSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkx JzAlBgNVBAsTHk5FVEFTUSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADARBglghkgBhvhCAQEE BAMCBaAwDQYJKoZIhvcNAQEFBQADggEBAERHjAkf5L/cZH/n0GTKyptbyr4ro7aGfOFyvyTCxeDN kL3v4gtD2itXx88JbThmsAHAiECjWhI8AUTBRsEpcPa9zbbQEnQqX+cdLnvgaZjCpAErSbrR3TN1 ToSahIFXYc5Ao+1K0fwMdZSmjbPS7J0gZPWdqLLFf214qOmMxAaw3zGRnSmcMUbwKGbfcyMT0KsK 7u82raxnKSgk/VzUzS26aXPbRHW4RguHOY40RLyyZJDjG883uBeOaOLvmmov5eFpcdkHlGav4wun 0ARGo1N/PUo+UntWkzPNWD1EXRxOE0iz3n7Bb8NwlS6A339TSi5lw14SfvbCg28QTfVGFKMxggGd MIIBmQIBATCBlzCBkTELMAkGA1UEBhMCRlIxDTALBgNVBAgTBE5vcmQxGjAYBgNVBAcTEVZpbGxl bmV1dmUgZCdBc2NxMS4wLAYDVQQKEyVORVRBU1EgLSBTZWN1cmUgSW50ZXJuZXQgQ29ubmVjdGl2 aXR5MScwJQYDVQQLEx5ORVRBU1EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCAQQwCQYFKw4DAhoF AKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwIwYJKoZIhvcNAQkEMRYEFJMkB5vmkCWo4YI6 vZxv+2zrWFYuMBwGCSqGSIb3DQEJBTEPFw0wMjExMjYxMzEzNTlaMA0GCSqGSIb3DQEBAQUABIGA A21tb6zGLw2YBM+0Yp6IeZmlJocm5miovKt+NQq3rt2f4vqkKCkNDq62gh0+42Wai0PYlu2J8q38 HUY5VYE6ReOUElCbsV/dTMXN+FUD4g/S/ekWw9kKNjOGfu0+UcTVij3fUu8r7isuja2ZjFdBfAV/ 8o8883esKpNVbrvPN24= ------------F117315228876ED6-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message