Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 14 Dec 2005 15:23:53 +1300
From:      Andrew Thompson <thompsa@freebsd.org>
To:        freebsd-net@freebsd.org
Subject:   m_copypacket in if_bridge
Message-ID:  <20051214022353.GB5248@heff.fud.org.nz>
next in thread | raw e-mail | index | archive | help 
Hi,


I have realised that if_bridge uses m_copypacket() in an unsafe way.
The copied multicast packet is sent back into ether_input for local
processing so that ipv6 works but m_copypacket() returns a readonly
mbuf. The layer3 header needs to be aligned so I have changed this to
m_dup+m_copyup.

Can I get a review to ensure this is the correct fix


Andrew



Index: if_bridge.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_bridge.c,v
retrieving revision 1.35
diff -u -p -r1.35 if_bridge.c
--- if_bridge.c	29 Nov 2005 20:29:44 -0000	1.35
+++ if_bridge.c	13 Dec 2005 20:50:14 -0000
@@ -1743,7 +1743,11 @@ bridge_input(struct ifnet *ifp, struct m
 		 */
 		KASSERT(bifp->if_bridge == NULL,
 		    ("loop created in bridge_input"));
-		mc2 = m_copypacket(m, M_DONTWAIT);
+		mc2 = m_dup(m, M_DONTWAIT);
+		if (mc2 != NULL) {
+			int i = min(mc2->m_pkthdr.len, max_protohdr);
+			mc2 = m_copyup(mc2, i, ETHER_ALIGN);
+		}
 		if (mc2 != NULL) {
 			mc2->m_pkthdr.rcvif = bifp;
 			(*bifp->if_input)(bifp, mc2);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051214022353.GB5248>