Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 Feb 2022 15:39:09 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 226bb05ebcb6 - stable/13 - bridge: Don't share broadcast packets
Message-ID:  <202202281539.21SFd9TE085444@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=226bb05ebcb6860313ec826c47542af2463b18ea

commit 226bb05ebcb6860313ec826c47542af2463b18ea
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-02-19 15:34:31 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-02-28 15:38:05 +0000

    bridge: Don't share broadcast packets
    
    if_bridge duplicates broadcast packets with m_copypacket(), which
    creates shared packets. In certain circumstances these packets can be
    processed by udp_usrreq.c:udp_input() first, which modifies the mbuf as
    part of the checksum verification. That may lead to incorrect packets
    being transmitted.
    
    Use m_dup() to create independent mbufs instead.
    
    Reported by:    Richard Russo <toast@ruka.org>
    Reviewed by:    donner, afedorov
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D34319
    
    (cherry picked from commit 36637dd19dba79088e53c6f2aa026415eae9f8f0)
---
 sys/net/if_bridge.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 926e7f9a1d19..02ccceed70a5 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -2164,7 +2164,7 @@ bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
 				used = 1;
 				mc = m;
 			} else {
-				mc = m_copypacket(m, M_NOWAIT);
+				mc = m_dup(m, M_NOWAIT);
 				if (mc == NULL) {
 					if_inc_counter(bifp, IFCOUNTER_OERRORS, 1);
 					continue;
@@ -2725,7 +2725,7 @@ bridge_span(struct bridge_softc *sc, struct mbuf *m)
 		if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
 			continue;
 
-		mc = m_copypacket(m, M_NOWAIT);
+		mc = m_dup(m, M_NOWAIT);
 		if (mc == NULL) {
 			if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
 			continue;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202202281539.21SFd9TE085444>