> On 24 Sep 2016, at 04:09, Kristof Provost <k...@freebsd.org> wrote: > > Author: kp > Date: Sat Sep 24 07:09:43 2016 > New Revision: 306289 > URL: https://svnweb.freebsd.org/changeset/base/306289 > > Log: > bridge: Fix fragment handling and memory leak > > Fragmented UDP and ICMP packets were corrupted if a firewall with > reassembling > feature (like pf'scrub) is enabled on the bridge. This patch fixes corrupted > packet problem and the panic (triggered easly with low RAM) as explain in PR > 185633. > > bridge_pfil and bridge_fragment relationship: > > bridge_pfil() receive (IN direction) packets and sent it to the firewall The > firewall can be configured for reassembling fragmented packet (like > pf'scrubing) > in one mbuf chain when bridge_pfil() need to send this reassembled packet to > the > outgoing interface, it needs to re-fragment it by using bridge_fragment() > bridge_fragment() had to split this mbuf (using ip_fragment) first then > had to M_PREPEND each packet in the mbuf chain for adding Ethernet > header. > > But M_PREPEND can sometime create a new mbuf on the begining of the mbuf > chain, > then the "main" pointer of this mbuf chain should be updated and this case is > tottaly forgotten. The original bridge_fragment code (Revision 158140, > 2006 April 29) came from OpenBSD, and the call to bridge_enqueue was > embedded. But on FreeBSD, bridge_enqueue() is done after bridge_fragment(), > then the original OpenBSD code can't work as-it of FreeBSD. > > PR: 185633 > Submitted by: Olivier Cochard-Labbé > Differential Revision: https://reviews.freebsd.org/D7780
Kristof, Do you hace plans to MFC it to stable/11 and stable/10? -- Renato Botelho _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
