On 21 Nov 2017, at 17:14, Catalin Salgau wrote:
Actually m_getm2() will always produce a chain for a size larger than
the page size, due to m_getjcl() being called with MJUMPAGESIZE every
time a large buffer is requested. The function could probably be called
with MJUM9BYTES in this case, but this should be dependent on backing
interface configuration(?).
I’d be tempted to just always allocate MJUM9BYTES, but that’s
wasteful of memory.
I believe the most common use case for this code is the DHCP client,
where large packets are not a requirement.
There doesn’t seem to be an obvious way to allocate a contiguous mbuf,
other than allocating the memory yourself, and creating an M_EXT mbuf.
Some care must be taken to ensure the memory is correctly freed, but at
first glance that looks possible.
On the other hand, as you pointed out, bpf_filter really needs a single
mbuf, and so does the call to uiomove(). The filter call, as it stands,
will overread due to being passed the larger len value, instead of the
mbuf's len.
As a note, to avoid the overruns and related panics, I'd suggest anyone
else trying this replace the assertion with an explicit
    if (m->m_next != NULL) {
        error = EIO;
        goto bad;
    }
Yes, that would be better.
Regards,
Kristof
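
A user-space model of the situation discussed in this message, added here as an illustration; it is not FreeBSD code and not code from either participant. The struct mbuf below is a simplified stand-in, CLUSTER_SIZE is an assumed 4096-byte page standing in for MJUMPAGESIZE, and chain_alloc(), overread_bytes() and write_check() are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space stand-in for an mbuf; not the kernel's struct mbuf. */
struct mbuf { struct mbuf *m_next; size_t m_len; };
#define CLUSTER_SIZE 4096 /* assumed page size, standing in for MJUMPAGESIZE */

/* Model of a chain allocator: never puts more than CLUSTER_SIZE in one buffer. */
static struct mbuf *chain_alloc(size_t len) {
    struct mbuf *head = NULL, **tail = &head;
    do {
        size_t n = len < CLUSTER_SIZE ? len : CLUSTER_SIZE;
        struct mbuf *m = calloc(1, sizeof(*m));
        if (m == NULL)
            abort();
        m->m_len = n;
        *tail = m;
        tail = &m->m_next;
        len -= n;
    } while (len > 0);
    return head;
}

static void chain_free(struct mbuf *m) {
    for (struct mbuf *next; m != NULL; m = next) {
        next = m->m_next;
        free(m);
    }
}

/* Bytes a flat-buffer reader runs past the first buffer when it is handed
 * the total request length instead of that buffer's own m_len. */
size_t overread_bytes(size_t len) {
    struct mbuf *m = chain_alloc(len);
    size_t over = len > m->m_len ? len - m->m_len : 0;
    chain_free(m);
    return over;
}

/* The explicit check from the message: a chain is rejected with EIO. */
int write_check(size_t len) {
    struct mbuf *m = chain_alloc(len);
    int error = (m->m_next != NULL) ? EIO : 0;
    chain_free(m);
    return error;
}

int main(void) {
    printf("9000 bytes: error=%d overread=%zu\n", write_check(9000), overread_bytes(9000));
    return 0;
}
```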