Date: Wed, 14 Dec 2005 15:23:53 +1300
From: Andrew Thompson
To: freebsd-net@freebsd.org
Subject: m_copypacket in if_bridge
Message-ID: <20051214022353.GB5248@heff.fud.org.nz>

Hi,

I have realised that if_bridge uses m_copypacket() in an unsafe way. The copied multicast packet is sent back into ether_input for local processing so that IPv6 works, but m_copypacket() returns a read-only mbuf. The layer 3 header needs to be aligned, so I have changed this to m_dup+m_copyup.

Can I get a review to ensure this is the correct fix?

Andrew

Index: if_bridge.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_bridge.c,v retrieving revision 1.35 diff -u -p -r1.35 if_bridge.c --- if_bridge.c 29 Nov 2005 20:29:44 -0000 1.35 +++ if_bridge.c 13 Dec 2005 20:50:14 -0000 @@ -1743,7 +1743,11 @@ bridge_input(struct ifnet *ifp, struct m */ KASSERT(bifp->if_bridge == NULL, ("loop created in bridge_input")); - mc2 = m_copypacket(m, M_DONTWAIT); + mc2 = m_dup(m, M_DONTWAIT); + if (mc2 != NULL) { + int i = min(mc2->m_pkthdr.len, max_protohdr); + mc2 = m_copyup(mc2, i, ETHER_ALIGN); + } if (mc2 != NULL) { mc2->m_pkthdr.rcvif = bifp; (*bifp->if_input)(bifp, mc2);
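Review bot: The added block after `m_dup()` carries no comment explaining why a deep copy followed by `m_copyup()` replaces `m_copypacket()`. A short comment saying that the copy re-enters the stack through `(*bifp->if_input)` and so must be writable, with the layer 3 header aligned, would keep a later reader from reverting it as an optimisation. The length `i` is capped at `max_protohdr`, but `ETHER_ALIGN` is then passed as the destination offset, so it is worth confirming that `i + ETHER_ALIGN` always fits in a single header mbuf; if `m_copyup()` fails here, the following `if (mc2 != NULL)` skips local delivery without any indication. As a style point, `int i` is declared inside the nested block; moving it to the declarations at the top of `bridge_input()` and giving it a descriptive name would read better.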