From owner-svn-src-stable@FreeBSD.ORG  Wed Oct 20 12:38:05 2010
Return-Path: <owner-svn-src-stable@FreeBSD.ORG>
Delivered-To: svn-src-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7F12D106566B;
	Wed, 20 Oct 2010 12:38:05 +0000 (UTC)
	(envelope-from maxim@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 521208FC18;
	Wed, 20 Oct 2010 12:38:05 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o9KCc5WO057582;
	Wed, 20 Oct 2010 12:38:05 GMT (envelope-from maxim@svn.freebsd.org)
Received: (from maxim@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id o9KCc56Y057580;
	Wed, 20 Oct 2010 12:38:05 GMT (envelope-from maxim@svn.freebsd.org)
Message-Id: <201010201238.o9KCc56Y057580@svn.freebsd.org>
From: Maxim Konovalov <maxim@FreeBSD.org>
Date: Wed, 20 Oct 2010 12:38:05 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r214108 - stable/8/sys/netinet/ipfw
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
	<svn-src-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable>, 
	<mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
	<mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Oct 2010 12:38:05 -0000

Author: maxim
Date: Wed Oct 20 12:38:05 2010
New Revision: 214108
URL: http://svn.freebsd.org/changeset/base/214108

Log:
  MFC r211992: some programs could send broadcast/multicast traffic to
  ipfw pseudo-interface.  This leads to a panic due to uninitialized
  if_broadcastaddr address.  Initialize it and implement ip_output()
  method to prevent mbuf leak later.

Modified:
  stable/8/sys/netinet/ipfw/ip_fw_log.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/xen/xenpci/   (props changed)

Modified: stable/8/sys/netinet/ipfw/ip_fw_log.c
==============================================================================
--- stable/8/sys/netinet/ipfw/ip_fw_log.c	Wed Oct 20 09:50:11 2010	(r214107)
+++ stable/8/sys/netinet/ipfw/ip_fw_log.c	Wed Oct 20 12:38:05 2010	(r214108)
@@ -103,6 +103,24 @@ log_dummy(struct ifnet *ifp, u_long cmd,
 	return EINVAL;
 }
 
+static int
+ipfw_log_output(struct ifnet *ifp, struct mbuf *m,
+	struct sockaddr *dst, struct route *ro)
+{
+	if (m != NULL)
+		m_freem(m);
+	return EINVAL;
+}
+
+static void
+ipfw_log_start(struct ifnet* ifp)
+{
+	panic("ipfw_log_start() must not be called");
+}
+
+static const u_char ipfwbroadcastaddr[6] =
+	{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+
 void
 ipfw_log_bpf(int onoff)
 {
@@ -119,11 +137,12 @@ ipfw_log_bpf(int onoff)
 		ifp->if_flags = IFF_UP | IFF_SIMPLEX | IFF_MULTICAST;
 		ifp->if_init = (void *)log_dummy;
 		ifp->if_ioctl = log_dummy;
-		ifp->if_start = (void *)log_dummy;
-		ifp->if_output = (void *)log_dummy;
+		ifp->if_start = ipfw_log_start;
+		ifp->if_output = ipfw_log_output;
 		ifp->if_addrlen = 6;
 		ifp->if_hdrlen = 14;
 		if_attach(ifp);
+		ifp->if_broadcastaddr = ipfwbroadcastaddr;
 		ifp->if_baudrate = IF_Mbps(10);
 		bpfattach(ifp, DLT_EN10MB, 14);
 		log_if = ifp;