From: Adrian Chadd
To: FreeBSD Net
Cc: Luigi Rizzo
Date: Tue, 23 Nov 2010 16:21:35 +0800
Subject: Re: ipfw and bridge: unaligned payload pointers panicing perfectly performing MIPS boxes

Hi again,

bz and I have done a bit of sleuthing. There's a few problems!

Firstly - bridge_pfil() in sys/net/if_bridge.c calls a couple of functions to check the validity and alignment of ipv4/ipv6 packets (ie, bridge_ip_checkbasic() and bridge_ip6_checkbasic().)

But bridge_ip6_checkbasic() is only called if the kernel is compiled with INET6. This MIPS platform I'm working on currently doesn't have INET6 compiled in, so:

* IPv6 packet arrives in if_bridge
* It doesn't get passed to bridge_ip6_checkbasic()
* It gets punted to ipfw_chk() (I have net.link.bridge.ipfw set to 1)
* ipfw_chk() sees the ethertype being IPv6 so it does the check whether the IP header version is IPv6, but at that stage (struct ip *) ip is unaligned and an exception occurs.

The fix - compile in INET6. :-/ I'd like to not rely on that though!

Secondly - other misaligned packets were sneaking in. That's fine for now - the payload shouldn't be being fondled. But the ethertype was garbage.

What bz and I found is that it's a SNAP packet (the ethertype being 0x001b) and although if_bridge.c::bridge_pfil() strips the SNAP header from the mbuf, the copy of the ethernet header it passes to ipfw_chk() still has the old ethertype set.

Suggestion - when stripping off the SNAP header, set eh2.ether_type to the "correct" ether type, rather than the SNAP length field.

2c,

Adrian
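
The SNAP case described in the message above, as an added example that is not part of the original post and is not FreeBSD code: it derives the ethertype a filter should see from the LLC/SNAP header rather than from the 802.3 length field, and reads the IP version as a single byte so the check works at any alignment. The function names, the zero-OUI check and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_HDR_LEN       14    /* dst(6) + src(6) + type/length(2) */
#define ETHER_MAX_LEN_FIELD 1500  /* values <= this are 802.3 lengths */
#define LLC_SNAP_LEN        8     /* DSAP, SSAP, control, OUI(3), type(2) */

/* Constructed sample: 802.3 frame, length field 0x001b, LLC/SNAP carrying IPv6. */
static const uint8_t sample_snap_frame[] = {
    0x02, 0, 0, 0, 0, 0x01,   0x02, 0, 0, 0, 0, 0x02,   0x00, 0x1b,
    0xaa, 0xaa, 0x03,   0x00, 0x00, 0x00,   0x86, 0xdd,
    0x60, 0x00, 0x00, 0x00    /* start of the IPv6 header, rest omitted */
};

/* Hypothetical helper: report the ethertype and L3 offset a filter should use.
 * For 802.3 + LLC/SNAP the type comes from the SNAP header, not the length. */
static int effective_ethertype(const uint8_t *f, size_t len,
    uint16_t *type, size_t *l3off)
{
    static const uint8_t snap[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
    size_t off = ETHER_HDR_LEN;
    uint16_t t;

    if (len < ETHER_HDR_LEN)
        return -1;
    t = (uint16_t)((f[12] << 8) | f[13]);
    if (t <= ETHER_MAX_LEN_FIELD) {          /* length field: expect LLC/SNAP */
        if (len < off + LLC_SNAP_LEN || memcmp(f + off, snap, sizeof(snap)) != 0)
            return -1;
        t = (uint16_t)((f[off + 6] << 8) | f[off + 7]);
        off += LLC_SNAP_LEN;
    }
    *type = t;
    *l3off = off;
    return 0;
}

/* IP version nibble read as one byte: no 32-bit load, safe at any alignment. */
static int ip_version(const uint8_t *f, size_t len, size_t l3off)
{
    return l3off < len ? f[l3off] >> 4 : -1;
}

int main(void)
{
    uint16_t type; size_t off;
    if (effective_ethertype(sample_snap_frame, sizeof(sample_snap_frame), &type, &off) == 0)
        printf("ethertype 0x%04x, L3 offset %zu, IP version %d\n", type, off,
            ip_version(sample_snap_frame, sizeof(sample_snap_frame), off));
    return 0;
}
```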