Date: Tue, 27 Oct 1998 13:19:28 +0100 (MET) From: Luigi Rizzo <luigi@labinfo.iet.unipi.it> To: dg@root.com Cc: hackers@FreeBSD.ORG Subject: Re: Potential problem with network drivers in promisc mode Message-ID: <199810271219.NAA03999@labinfo.iet.unipi.it> In-Reply-To: <199810270845.AAA09535@implode.root.com> from "David Greenman" at Oct 27, 98 00:44:40 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > * disable RUNT reception when in promisc mode (I am not sure if this > > is a standard bpf option, or just happens to be implemented in the > > "ed" driver for convenience); > > I haven't verified this with the NIC spec, but I don't think it will ever > pass packets that are smaller than 14 bytes since the packets must still > conform to the 802.3 spec. it does... i am seeing 4, 5, 7 byte-packets (including CRC) all the time here after the fix for packet-lenght computation in the "ed" driver (i am not sure why i never saw less then 4, but perhaps the NIC at least wants enough to have a CRC to compare to.) And for the records, both the lenght in the NIC packet header and the length computed by considering the pointer to the next packet are consistent. > Still, I think it would be best to check the length and drop the packet > if it is less than 14 bytes. I don't think it is wise to always believe what > the hardware tells you. I do the check in the fxp driver, but I see that > this is an exception for FreeBSD drivers. the question is what to do with packets between 14 and 60 bytes: do you think the higher level code will check for short pkts or assumes that a packet with type 0x800 will have for sure an IP header ? The problem is particularly bad because the various length fields are unsigned all over the place and the tests for short packets generally fail because these counters will wrap to large values. if you don't have objections i would do the following: * if it is less than 14 bytes (excluding CRC) drop pkt * between 14 and 59 pass it to bpf if any, but not to ether_input * pkts >= 60 bytes go both to bpf and ether_input (but don't have strong preferences, so for me it's ok to pass up to ether_input() also short packets, although i am a bit uncertain how safe it is.) cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810271219.NAA03999>