Date: Sat, 20 Mar 2010 01:50:03 GMT From: Gleb Kurtsou <gleb.kurtsou@gmail.com> To: freebsd-net@FreeBSD.org Subject: Re: kern/144874: [if_bridge] [patch] if_bridge frees mbuf after pfil hooks returns non-zero Message-ID: <201003200150.o2K1o3sx046333@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/144874; it has been noted by GNATS.
From: Gleb Kurtsou <gleb.kurtsou@gmail.com>
To: bug-followup@FreeBSD.org, jacobmdrop@comcast.net
Cc:
Subject: Re: kern/144874: [if_bridge] [patch] if_bridge frees mbuf after
pfil hooks returns non-zero
Date: Sat, 20 Mar 2010 03:50:04 +0200
[...]
> Create a simple pfil hook and install it with pfil_add_hook(PFIL_IN).
> The hook should drop (some) packets by returning a non-zero value. The
> hook should free the mbuf on dropped packets by calling m_freem(*mp).
> The filter should _not_ modify the mbuf pointer (mp). Install a
^^^^^^^^^ documentation is wrong here.
As far as I can see all firewalls in the tree zero mp after free,
something like:
if (chk && *m) {
m_freem(*m);
*m = NULL;
}
Correct fix would be to update documentation and add KASSERT to
pfil_run_hooks checking *mp == 0 if hook returned non-zero result.
> if_bridge on the system, and pass traffic through the bridge, such
> that at least one packet gets dropped by the pfil hook. At some point
> shortly after that the system will panic. The panic is usually occurs
> in sbflush_internal(), though there are other ways that the corruption
> can manifest.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003200150.o2K1o3sx046333>