svn commit: r306289 - head/sys/net

Renato Botelho garga at FreeBSD.org
Mon Sep 26 13:29:01 UTC 2016


> On 24 Sep 2016, at 04:09, Kristof Provost <kp at FreeBSD.org> wrote:
> 
> Author: kp
> Date: Sat Sep 24 07:09:43 2016
> New Revision: 306289
> URL: https://svnweb.freebsd.org/changeset/base/306289
> 
> Log:
>  bridge: Fix fragment handling and memory leak
> 
>  Fragmented UDP and ICMP packets were corrupted if a firewall with reassembling
>  feature (like pf'scrub) is enabled on the bridge.  This patch fixes corrupted
>  packet problem and the panic (triggered easly with low RAM) as explain in PR
>  185633.
> 
>  bridge_pfil and bridge_fragment relationship:
> 
>  bridge_pfil() receive (IN direction) packets and sent it to the firewall The
>  firewall can be configured for reassembling fragmented packet (like pf'scrubing)
>  in one mbuf chain when bridge_pfil() need to send this reassembled packet to the
>  outgoing interface, it needs to re-fragment it by using bridge_fragment()
>  bridge_fragment() had to split this mbuf (using ip_fragment) first then
>  had to M_PREPEND each packet in the mbuf chain for adding Ethernet
>  header.
> 
>  But M_PREPEND can sometime create a new mbuf on the begining of the mbuf chain,
>  then the "main" pointer of this mbuf chain should be updated and this case is
>  tottaly forgotten. The original bridge_fragment code (Revision 158140,
>  2006 April 29) came from OpenBSD, and the call to bridge_enqueue was
>  embedded.  But on FreeBSD, bridge_enqueue() is done after bridge_fragment(),
>  then the original OpenBSD code can't work as-it of FreeBSD.
> 
>  PR:		185633
>  Submitted by:	Olivier Cochard-Labbé
>  Differential Revision:	https://reviews.freebsd.org/D7780


Kristof,

Do you hace plans to MFC it to stable/11 and stable/10?

--
Renato Botelho



More information about the svn-src-all mailing list