kern/123138: bpf incorrectly determines outgoing routed packets as incoming when BIOCSDIRECTION is used

Dmitry hanabana at mail.ru
Sun Apr 27 08:50:01 UTC 2008 

>Number:         123138
>Category:       kern
>Synopsis:       bpf incorrectly determines outgoing routed packets as incoming when BIOCSDIRECTION is used
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 27 08:50:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry
>Release:        7.0-STABLE
>Organization:
home
>Environment:
FreeBSD gw 7.0-STABLE FreeBSD 7.0-STABLE #0: Sun Apr 27 11:29:26 MSD 2008 root at kb:/var/tmp/obj/usr/src/sys/KG  i386
>Description:
BPF_CHECK_DIRECTION macros considers packet as outgoing when it has no receive interface field (rcvif) set. This correct for single homed server but is not enough for router. Packet came from one interface and going out another has rcvif field set even when it passed natd daemon.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

--- src/sys/net/bpf.c.orig	2008-04-23 11:41:21.000000000 +0400
+++ src/sys/net/bpf.c	2008-04-27 11:18:20.000000000 +0400
@@ -1330,9 +1330,9 @@
 	}
 }
 
-#define	BPF_CHECK_DIRECTION(d, i)				\
-	    (((d)->bd_direction == BPF_D_IN && (i) == NULL) ||	\
-	    ((d)->bd_direction == BPF_D_OUT && (i) != NULL))
+#define	BPF_CHECK_DIRECTION(d, i, bpi)				\
+	    (((d)->bd_direction == BPF_D_IN && (i) != (bpi)) ||	\
+	    ((d)->bd_direction == BPF_D_OUT && (i) == (bpi)))
 
 /*
  * Incoming linkage from device drivers, when packet is in an mbuf chain.
@@ -1357,7 +1357,7 @@
 
 	BPFIF_LOCK(bp);
 	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
-		if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif))
+		if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
 			continue;
 		BPFD_LOCK(d);
 		++d->bd_rcount;
@@ -1421,7 +1421,7 @@
 
 	BPFIF_LOCK(bp);
 	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
-		if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif))
+		if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
 			continue;
 		BPFD_LOCK(d);
 		++d->bd_rcount;


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list