git: 80c2f5fc0aed - stable/13 - if_pflog: fix packet length

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Sun, 12 Dec 2021 18:11:48 UTC
The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=80c2f5fc0aedda284babe1bffbddb4fc29314ff0

commit 80c2f5fc0aedda284babe1bffbddb4fc29314ff0
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-12-02 07:22:34 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-12-11 09:38:50 +0000

    if_pflog: fix packet length
    
    There were two issues with the new pflog packet length.
    The first is that the length is expected to be a multiple of
    sizeof(long), but we'd assumed it had to be a multiple of
    sizeof(uint32_t).
    
    The second is that there's some broken software out there (such as
    Wireshark) that makes incorrect assumptions about the amount of padding.
    That is, Wireshark assumes there's always three bytes of padding, rather
    than however much is needed to get to a multiple of sizeof(long).
    
    Fix this by adding extra padding, and a fake field to maintain
    Wireshark's assumption.
    
    Reported by:    Ozkan KIRIK <ozkan.kirik@gmail.com>
    Tested by:      Ozkan KIRIK <ozkan.kirik@gmail.com>
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D33236
    
    (cherry picked from commit 6d4baa0d011cb3e78b4b08415568e71c0aab00fe)
---
 sys/net/if_pflog.h        | 8 ++++++--
 sys/netpfil/pf/if_pflog.c | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h
index c77d8da1440a..93a69a2bb3a5 100644
--- a/sys/net/if_pflog.h
+++ b/sys/net/if_pflog.h
@@ -31,6 +31,8 @@
 #ifndef _NET_IF_PFLOG_H_
 #define	_NET_IF_PFLOG_H_
 
+#include <net/bpf.h>
+
 #define	PFLOGIFS_MAX	16
 
 #define	PFLOG_RULESET_NAME_SIZE	16
@@ -51,11 +53,13 @@ struct pfloghdr {
 	u_int8_t	dir;
 	u_int8_t	pad[3];
 	u_int32_t	ridentifier;
+	u_int8_t	reserve;	/* Appease broken software like Wireshark. */
+	u_int8_t	pad2[3];
 };
 
-#define	PFLOG_HDRLEN		sizeof(struct pfloghdr)
+#define	PFLOG_HDRLEN		BPF_WORDALIGN(offsetof(struct pfloghdr, pad2))
 /* minus pad, also used as a signature */
-#define	PFLOG_REAL_HDRLEN	offsetof(struct pfloghdr, pad)
+#define	PFLOG_REAL_HDRLEN	offsetof(struct pfloghdr, pad2)
 
 #ifdef _KERNEL
 struct pf_rule;
diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
index 4853c1301d6f..261c9f2a4087 100644
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -215,7 +215,7 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
 		return (0);
 
 	bzero(&hdr, sizeof(hdr));
-	hdr.length = PFLOG_HDRLEN;
+	hdr.length = PFLOG_REAL_HDRLEN;
 	hdr.af = af;
 	hdr.action = rm->action;
 	hdr.reason = reason;