From owner-freebsd-net Wed Aug 23 12:24:15 2000
From: Archie Cobbs
Message-Id: <200008231910.MAA85466@bubba.whistle.com>
Subject: Re: bridging and freebsd crash
In-Reply-To: <200008231823.UAA29344@info.iet.unipi.it> "from Luigi Rizzo at Aug 23, 2000 08:23:54 pm"
To: Luigi Rizzo
Date: Wed, 23 Aug 2000 12:10:38 -0700 (PDT)
Cc: Archie Cobbs, Robert Watson, Tomas Hodan, freebsd-net@FreeBSD.ORG

Luigi Rizzo writes:
> And below, when you say that the interaction between bridging+ipfw
> was ill-conceived, can you explain where?

I just mean that it needs to be made clear (a) whether ipfw is going
to do IP-only filtering or otherwise, and (b) what is the correct path
for packets to reach ipfw. IMHO packets should only go through ipfw
via the function calls in ip_input() and ip_output().

> I think the problem is not only with unvalidated packets reaching
> ipfw, it is also with mbufs shared between a device driver (which
> might pass it to a DMA engine) and the upper layers (where the code
> might do some NTOH*() on the same buffer, resulting in data
> corruption for the net -- this is the breakage for multicast packets

Isn't this a result of calling ipfw without going through the "normal"
pathways? Or.. do we know the exact pathway that causes this to happen?
Where is the m_copypacket() happening? (there must be one, right?)
If so, this should be easy to fix (at the expense of speed) by using
m_dup() instead of m_copypacket(). This could be a short term fix.

> i was referring to. I do not think moving to
> netgraph is going to help, you have to know that the problem is there
> and apply countermeasures.

At least, netgraph has strict rules about who "owns" an mbuf.

> Actually passing bridged packets to ipfw with all proper tests
> took a handful of lines of code and did work. Yes, the commit i did
> also had some dead code trying to match ethernet packets -- that one
> had to be either removed or fixed, but that's it.
> I don't think the interaction was ill-conceived :)

We can accomplish the same thing using the "normal" pathways and
avoid the "handful of lines" == "hack" :-)

> > I'm willing to work with anyone interested in this project -- or some
> > which brings things back to square one... no volunteers around :(

Well, first let's think about a real plan (i.e., design) for what
we want to accomplish. Then we can set about asking for help.
You've heard my plan. How would you suggest we address the current
situation? And do even fully understand it? (I don't yet)

Thanks,
-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
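
Added example, not part of the original message and not FreeBSD source: a userland C model of the shared-mbuf problem discussed in the thread, where a reference-sharing copy (as m_copypacket() makes) lets an upper layer's in-place byte swap alter the buffer the driver still holds, while a private copy (as m_dup() makes) does not. The struct and function names and the sample header bytes are assumptions made up for this illustration.

```c
/* Userland model with constructed data; not FreeBSD kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct cluster { int refs; uint8_t data[64]; };  /* stands in for an mbuf cluster */
struct pkt { struct cluster *cl; size_t len; };  /* stands in for an mbuf chain */

/* m_copypacket()-style copy: new handle, same storage, reference count bumped. */
static struct pkt copy_shared(const struct pkt *p) { p->cl->refs++; return *p; }

/* m_dup()-style copy: new handle with its own private, writable storage. */
static struct pkt copy_deep(const struct pkt *p) {
    struct pkt n = { malloc(sizeof(struct cluster)), p->len };
    n.cl->refs = 1;
    memcpy(n.cl->data, p->cl->data, p->len);
    return n;
}

static void pkt_free(struct pkt *p) {
    if (--p->cl->refs == 0) free(p->cl);
    p->cl = NULL;
}

/* Upper layer swaps the IP total-length bytes in place (NTOHS() on little-endian). */
static void swap_ip_len_in_place(struct pkt *p) {
    uint8_t t = p->cl->data[2];
    p->cl->data[2] = p->cl->data[3];
    p->cl->data[3] = t;
}

/* Returns 1 if the driver's buffer still holds the wire bytes afterwards. */
int driver_view_intact(int use_deep_copy) {
    static const uint8_t wire[4] = { 0x45, 0x00, 0x00, 0x54 };  /* constructed header start */
    struct pkt drv = { calloc(1, sizeof(struct cluster)), sizeof wire };
    drv.cl->refs = 1;
    memcpy(drv.cl->data, wire, sizeof wire);
    struct pkt up = use_deep_copy ? copy_deep(&drv) : copy_shared(&drv);
    swap_ip_len_in_place(&up);
    int intact = memcmp(drv.cl->data, wire, sizeof wire) == 0;
    pkt_free(&up);
    pkt_free(&drv);
    return intact;
}

int main(void) {
    printf("shared copy: driver data intact = %d\n", driver_view_intact(0));
    printf("deep copy:   driver data intact = %d\n", driver_view_intact(1));
    return 0;
}
```

The deep copy costs an allocation and a memcpy per packet, which is the speed trade-off the message mentions.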