Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 02 Oct 2016 21:11:36 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-pf@FreeBSD.org
Subject:   [Bug 185633] [pf] scrubbing bug in transparent mode bug with bigger than MTU UDP packet
Message-ID:  <bug-185633-17777-LCiuPsvoyG@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-185633-17777@https.bugs.freebsd.org/bugzilla/>
References:  <bug-185633-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D185633

--- Comment #17 from commit-hook@freebsd.org ---
A commit references this bug:

Author: kp
Date: Sun Oct  2 21:11:25 UTC 2016
New revision: 306594
URL: https://svnweb.freebsd.org/changeset/base/306594

Log:
  MFC r306289:

  bridge: Fix fragment handling and memory leak

  Fragmented UDP and ICMP packets were corrupted if a firewall with
reassembling
  feature (like pf'scrub) is enabled on the bridge.  This patch fixes corru=
pted
  packet problem and the panic (triggered easly with low RAM) as explain in=
 PR
  185633.

  bridge_pfil and bridge_fragment relationship:

  bridge_pfil() receive (IN direction) packets and sent it to the firewall =
The
  firewall can be configured for reassembling fragmented packet (like
pf'scrubing)
  in one mbuf chain when bridge_pfil() need to send this reassembled packet=
 to
the
  outgoing interface, it needs to re-fragment it by using bridge_fragment()
  bridge_fragment() had to split this mbuf (using ip_fragment) first then
  had to M_PREPEND each packet in the mbuf chain for adding Ethernet
  header.

  But M_PREPEND can sometime create a new mbuf on the begining of the mbuf
chain,
  then the "main" pointer of this mbuf chain should be updated and this cas=
e is
  tottaly forgotten. The original bridge_fragment code (Revision 158140,
  2006 April 29) came from OpenBSD, and the call to bridge_enqueue was
  embedded.  But on FreeBSD, bridge_enqueue() is done after bridge_fragment=
(),
  then the original OpenBSD code can't work as-it of FreeBSD.

  PR:             185633
  Submitted by:   Olivier Cochard-Labb?

Changes:
_U  stable/10/
  stable/10/sys/net/if_bridge.c

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-185633-17777-LCiuPsvoyG>