[Bug 7802] [MFC] outbound, fragmented multicast packets are mishandled at the data-link layer
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jun 17 07:22:34 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=7802
--- Comment #4 from commit-hook at freebsd.org ---
A commit references this bug:
Author: hselasky
Date: Wed Jun 17 07:21:44 UTC 2015
New revision: 284496
URL: https://svnweb.freebsd.org/changeset/base/284496
Log:
MFC r280991:
Extend fixes made in r278103 and r38754 by copying the complete packet
header and not only partial flags and fields. Firewalls can attach
classification tags to the outgoing mbufs which should be copied to
all the new fragments. Else only the first fragment will be let
through by the firewall. This can easily be tested by sending a large
ping packet through a firewall. It was also discovered that VLAN
related flags and fields should be copied for packets traversing
through VLANs. This is all handled by "m_dup_pkthdr()".
Regarding the MAC policy check in ip_fragment(), the tag provided by
the originating mbuf is copied instead of using the default one
provided by m_gethdr().
Tested by: Karim Fodil-Lemelin <fodillemlinkarim at gmail.com>
Sponsored by: Mellanox Technologies
PR: 7802
Changes:
_U stable/10/
stable/10/sys/netinet/ip_output.c
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list