Date: Thu, 16 Jan 2020 16:38:19 +0200 From: Andriy Gapon <avg@FreeBSD.org> To: freebsd-net <freebsd-net@FreeBSD.org> Subject: iflib: assemble_segments -> rxd_frag_to_sd -> pfil_run_hooks Message-ID: <65fd52e7-0c1c-82af-2c88-cd739c857a91@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Something that confuses me in the iflib code.
I see that assemble_segments() repeatedly calls rxd_frag_to_sd() until all
fragments / segments of a packet are processee. rxd_frag_to_sd() can call
pfil_run_hooks() for each fragment:
if (rxq->pfil != NULL && PFIL_HOOKED_IN(rxq->pfil) && pf_rv != NULL) {
payload = *sd->ifsd_cl;
payload += ri->iri_pad;
len = ri->iri_len - ri->iri_pad;
*pf_rv = pfil_run_hooks(rxq->pfil, payload, ri->iri_ifp,
len | PFIL_MEMPTR | PFIL_IN, NULL);
What confuses it is how the hooks can understand whether they are looking at the
first fragment or the N-th. As far as I can see, the hooks get only the raw
data and its length. So, isn't it possible that a hook can misinterpret some
arbitrary data in N-th fragment as, e.g., some header field that is expected to
be only in the first fragment?
I could be missing something obvious here as I've never dealt with iflib until
recently and never with pfil code at all.
Thanks!
P.S.
Also, there is an else clause for the above if:
} else {
fl->ifl_sds.ifsd_m[cidx] = NULL;
*pf_rv = PFIL_PASS;
}
If pf_rv can be NULL, shouldn't that be checked in this branch as well?
--
Andriy Gapon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?65fd52e7-0c1c-82af-2c88-cd739c857a91>