The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=36637dd19dba79088e53c6f2aa026415eae9f8f0
commit 36637dd19dba79088e53c6f2aa026415eae9f8f0 Author: Kristof Provost <[email protected]> AuthorDate: 2022-02-19 15:34:31 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2022-02-21 18:03:44 +0000 bridge: Don't share broadcast packets if_bridge duplicates broadcast packets with m_copypacket(), which creates shared packets. In certain circumstances these packets can be processed by udp_usrreq.c:udp_input() first, which modifies the mbuf as part of the checksum verification. That may lead to incorrect packets being transmitted. Use m_dup() to create independent mbufs instead. Reported by: Richard Russo <[email protected]> Reviewed by: donner, afedorov MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D34319 --- sys/net/if_bridge.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index 703a76086c55..12c807fe2009 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -2176,7 +2176,7 @@ bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, used = 1; mc = m; } else { - mc = m_copypacket(m, M_NOWAIT); + mc = m_dup(m, M_NOWAIT); if (mc == NULL) { if_inc_counter(bifp, IFCOUNTER_OERRORS, 1); continue; @@ -2737,7 +2737,7 @@ bridge_span(struct bridge_softc *sc, struct mbuf *m) if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) continue; - mc = m_copypacket(m, M_NOWAIT); + mc = m_dup(m, M_NOWAIT); if (mc == NULL) { if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1); continue;
