Date:      Tue, 27 Oct 1998 00:44:59 -0800
From:      David Greenman <dg@root.com>
To:        Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: Potential problem with network drivers in promisc mode 
Message-ID:  <199810270845.AAA09535@implode.root.com>
In-Reply-To: Your message of "Tue, 27 Oct 1998 07:25:26 +0100." <199810270625.HAA03642@labinfo.iet.unipi.it>

>accept also RUNT pkts and those with bad CRCs. This means that very
>short packets may make it up to the point where the card prepares for
>ether_input(), and the usual action there is something like
>
>	ms->m_pkthdr.len -= sizeof(struct ether_header);
>
>etc.. If m_pkthdr.len < 14, this results in a very large value going
>into m_pkthdr.len (u_short), with all sorts of interesting consequences.
...
> * disable RUNT reception when in promisc mode (I am not sure if this
>   is a standard bpf option, or just happens to be implemented in the
>   "ed" driver for convenience);

   I haven't verified this with the NIC spec, but I don't think it will ever
pass packets that are smaller than 14 bytes since the packets must still
conform to the 802.3 spec.
   Still, I think it would be best to check the length and drop the packet
if it is less than 14 bytes. I don't think it is wise to always believe what
the hardware tells you. I do the check in the fxp driver, but I see that
this is an exception for FreeBSD drivers.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project
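
An added illustration, not part of the original message and not FreeBSD driver code: the C program below models the length adjustment discussed in this message, showing the unsigned wrap for frames shorter than 14 bytes next to the check-and-drop form. `struct pkthdr_model` and both function names are hypothetical; the 16-bit unsigned length follows the u_short mentioned in the quoted text.

```c
#include <stdint.h>
#include <stdio.h>

#define ETHER_HDR_LEN 14  /* 6 dst + 6 src + 2 type bytes */

/* Hypothetical stand-in for the mbuf packet header; the 16-bit unsigned
 * length is an assumption taken from the u_short in the quoted message. */
struct pkthdr_model {
    uint16_t len;
};

/* Pattern from the quoted message: subtract without validating. */
static uint16_t strip_header_unchecked(struct pkthdr_model *ph)
{
    /* Wraps modulo 65536 when len < 14. */
    ph->len = (uint16_t)(ph->len - ETHER_HDR_LEN);
    return ph->len;
}

/* Guarded form: validate the hardware-reported length first.
 * Returns 0 and adjusts len on success, -1 if the frame must be dropped
 * (len is left untouched so the caller can log it). */
static int strip_header_checked(struct pkthdr_model *ph)
{
    if (ph->len < ETHER_HDR_LEN)
        return -1;
    ph->len = (uint16_t)(ph->len - ETHER_HDR_LEN);
    return 0;
}

int main(void)
{
    /* Constructed lengths: two runts, a header-only frame, a 60-byte frame. */
    static const uint16_t samples[] = { 0, 10, 14, 60 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct pkthdr_model a = { samples[i] }, b = { samples[i] };
        uint16_t wrapped = strip_header_unchecked(&a);
        int rc = strip_header_checked(&b);

        printf("reported=%2u unchecked=%5u checked=%s\n",
               (unsigned)samples[i], (unsigned)wrapped,
               rc == 0 ? "accepted" : "dropped");
    }
    return 0;
}
```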
