diff options
author | Kristof Provost <kp@FreeBSD.org> | 2022-02-19 15:34:31 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2022-02-21 18:03:44 +0000 |
commit | 36637dd19dba79088e53c6f2aa026415eae9f8f0 (patch) | |
tree | fd7abe1d9df4d5c8d97cf2e4e2405cbfa29e006c | |
parent | c2318cf80a9edf5bfcd5ed20037c8d0b80a78d69 (diff) | |
download | src-36637dd19dba79088e53c6f2aa026415eae9f8f0.tar.gz src-36637dd19dba79088e53c6f2aa026415eae9f8f0.zip |
bridge: Don't share broadcast packets
if_bridge duplicates broadcast packets with m_copypacket(), which
creates shared packets. In certain circumstances these packets can be
processed by udp_usrreq.c:udp_input() first, which modifies the mbuf as
part of the checksum verification. That may lead to incorrect packets
being transmitted.
Use m_dup() to create independent mbufs instead.
Reported by: Richard Russo <toast@ruka.org>
Reviewed by: donner, afedorov
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D34319
-rw-r--r-- | sys/net/if_bridge.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index 703a76086c55..12c807fe2009 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -2176,7 +2176,7 @@ bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, used = 1; mc = m; } else { - mc = m_copypacket(m, M_NOWAIT); + mc = m_dup(m, M_NOWAIT); if (mc == NULL) { if_inc_counter(bifp, IFCOUNTER_OERRORS, 1); continue; @@ -2737,7 +2737,7 @@ bridge_span(struct bridge_softc *sc, struct mbuf *m) if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) continue; - mc = m_copypacket(m, M_NOWAIT); + mc = m_dup(m, M_NOWAIT); if (mc == NULL) { if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1); continue; |