m_copypacket in if_bridge

Andrew Thompson thompsa at freebsd.org
Tue Dec 13 18:23:57 PST 2005


Hi,


I have realised that if_bridge uses m_copypacket() in an unsafe way.
The copied multicast packet is sent back into ether_input for local
processing so that IPv6 works, but m_copypacket() returns a read-only
mbuf. The layer 3 header needs to be aligned, so I have changed this to
m_dup+m_copyup.

Can I get a review to ensure this is the correct fix?


Andrew



Index: if_bridge.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_bridge.c,v
retrieving revision 1.35
diff -u -p -r1.35 if_bridge.c
--- if_bridge.c	29 Nov 2005 20:29:44 -0000	1.35
+++ if_bridge.c	13 Dec 2005 20:50:14 -0000
@@ -1743,7 +1743,11 @@ bridge_input(struct ifnet *ifp, struct m
 		 */
 		KASSERT(bifp->if_bridge == NULL,
 		    ("loop created in bridge_input"));
-		mc2 = m_copypacket(m, M_DONTWAIT);
+		mc2 = m_dup(m, M_DONTWAIT);
+		if (mc2 != NULL) {
+			int i = min(mc2->m_pkthdr.len, max_protohdr);
+			mc2 = m_copyup(mc2, i, ETHER_ALIGN);
+		}
 		if (mc2 != NULL) {
 			mc2->m_pkthdr.rcvif = bifp;
 			(*bifp->if_input)(bifp, mc2);
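
Review bot: The new m_dup()/m_copyup() block has no comment, so the two back-to-back `if (mc2 != NULL)` tests look like a duplicated check. A short comment above `mc2 = m_dup(m, M_DONTWAIT);` should say that the copy handed to `(*bifp->if_input)` must be writable and have its layer 3 header aligned, and that the second test is there because m_copyup() can itself return NULL. Separately, `int i = min(mc2->m_pkthdr.len, max_protohdr);` passes int values through min(), which in the kernel's libkern takes u_int arguments; imin() matches the operand types, and the bare `i` would read better as a descriptive name declared at the top of the function rather than inside the block.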



