svn commit: r306289 - head/sys/net
Renato Botelho
garga at FreeBSD.org
Mon Sep 26 13:29:01 UTC 2016
> On 24 Sep 2016, at 04:09, Kristof Provost <kp at FreeBSD.org> wrote:
>
> Author: kp
> Date: Sat Sep 24 07:09:43 2016
> New Revision: 306289
> URL: https://svnweb.freebsd.org/changeset/base/306289
>
> Log:
> bridge: Fix fragment handling and memory leak
>
> Fragmented UDP and ICMP packets were corrupted if a firewall with reassembling
> feature (like pf'scrub) is enabled on the bridge. This patch fixes corrupted
> packet problem and the panic (triggered easly with low RAM) as explain in PR
> 185633.
>
> bridge_pfil and bridge_fragment relationship:
>
> bridge_pfil() receive (IN direction) packets and sent it to the firewall The
> firewall can be configured for reassembling fragmented packet (like pf'scrubing)
> in one mbuf chain when bridge_pfil() need to send this reassembled packet to the
> outgoing interface, it needs to re-fragment it by using bridge_fragment()
> bridge_fragment() had to split this mbuf (using ip_fragment) first then
> had to M_PREPEND each packet in the mbuf chain for adding Ethernet
> header.
>
> But M_PREPEND can sometime create a new mbuf on the begining of the mbuf chain,
> then the "main" pointer of this mbuf chain should be updated and this case is
> tottaly forgotten. The original bridge_fragment code (Revision 158140,
> 2006 April 29) came from OpenBSD, and the call to bridge_enqueue was
> embedded. But on FreeBSD, bridge_enqueue() is done after bridge_fragment(),
> then the original OpenBSD code can't work as-it of FreeBSD.
>
> PR: 185633
> Submitted by: Olivier Cochard-Labbé
> Differential Revision: https://reviews.freebsd.org/D7780
Kristof,
Do you hace plans to MFC it to stable/11 and stable/10?
--
Renato Botelho
More information about the svn-src-all
mailing list