git: 6929fea00ddd - stable/12 - bridge: Don't share broadcast packets

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 28 Feb 2022 15:39:10 UTC
The branch stable/12 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=6929fea00dddb78053403d8a674b3bda6a91fd47

commit 6929fea00dddb78053403d8a674b3bda6a91fd47
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-02-19 15:34:31 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-02-26 08:26:16 +0000

    bridge: Don't share broadcast packets
    
    if_bridge duplicates broadcast packets with m_copypacket(), which
    creates shared packets. In certain circumstances these packets can be
    processed by udp_usrreq.c:udp_input() first, which modifies the mbuf as
    part of the checksum verification. That may lead to incorrect packets
    being transmitted.
    
    Use m_dup() to create independent mbufs instead.
    
    Reported by:    Richard Russo <toast@ruka.org>
    Reviewed by:    donner, afedorov
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D34319
    
    (cherry picked from commit 36637dd19dba79088e53c6f2aa026415eae9f8f0)
---
 sys/net/if_bridge.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 22bcc84d44ef..cfa6eb88757d 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -2205,7 +2205,7 @@ bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
 				used = 1;
 				mc = m;
 			} else {
-				mc = m_copypacket(m, M_NOWAIT);
+				mc = m_dup(m, M_NOWAIT);
 				if (mc == NULL) {
 					if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
 					continue;
@@ -2786,7 +2786,7 @@ bridge_span(struct bridge_softc *sc, struct mbuf *m)
 		if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
 			continue;
 
-		mc = m_copypacket(m, M_NOWAIT);
+		mc = m_dup(m, M_NOWAIT);
 		if (mc == NULL) {
 			if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
 			continue;