Date: Thu, 15 Feb 2007 13:50:16 -0800 From: "Kip Macy" <kip.macy@gmail.com> To: "John Polstra" <jdp@polstra.com> Cc: freebsd-net@freebsd.org Subject: Re: bge0: discard frame w/o packet header Message-ID: <b1fa29170702151350r32f6a356kb5cc463b43e6ae5a@mail.gmail.com> In-Reply-To: <XFMail.20070215134724.jdp@polstra.com> References: <b1fa29170702151258k2dfde6d0j3fa447f5d07098d9@mail.gmail.com> <XFMail.20070215134724.jdp@polstra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Either way it sounds like someone has discovered a DOS in bge.
>
> No, it just about has to be a bug -- either in the mbuf allocator, the
> driver, or the NIC hardware. M_PKTHDR is a flag in the mbuf header,
> an area that isn't touched by packet data. The driver allocates
> all of its receive mbufs with the M_PKTHDR flag set. There's no
> legitimate way for the flag to get cleared, and nothing coming in on
> the wire should be able to cause it to be cleared.
I mean a bug in if_bge.c - there are a lot of ways that this could
happen - not calling M_GETHDR, mis-calling m_pullup etc.
-Kip
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b1fa29170702151350r32f6a356kb5cc463b43e6ae5a>