summaryrefslogtreecommitdiffstats
path: root/lib/libc/stdlib
diff options
context:
space:
mode:
authorkp <kp@FreeBSD.org>2016-10-02 21:06:55 +0000
committerkp <kp@FreeBSD.org>2016-10-02 21:06:55 +0000
commit2cb4db0992c614f2818c21a26ef2b4f7ed296598 (patch)
treebbe14b7dcc55c6e3ed0948aa239ada10fcc246b6 /lib/libc/stdlib
parent3674ec6301bd9fb1f23360fea309d1ec46d0f0e8 (diff)
downloadFreeBSD-src-2cb4db0992c614f2818c21a26ef2b4f7ed296598.zip
FreeBSD-src-2cb4db0992c614f2818c21a26ef2b4f7ed296598.tar.gz
MFC r306289:
bridge: Fix fragment handling and memory leak Fragmented UDP and ICMP packets were corrupted if a firewall with reassembling feature (like pf'scrub) is enabled on the bridge. This patch fixes corrupted packet problem and the panic (triggered easly with low RAM) as explain in PR 185633. bridge_pfil and bridge_fragment relationship: bridge_pfil() receive (IN direction) packets and sent it to the firewall The firewall can be configured for reassembling fragmented packet (like pf'scrubing) in one mbuf chain when bridge_pfil() need to send this reassembled packet to the outgoing interface, it needs to re-fragment it by using bridge_fragment() bridge_fragment() had to split this mbuf (using ip_fragment) first then had to M_PREPEND each packet in the mbuf chain for adding Ethernet header. But M_PREPEND can sometime create a new mbuf on the begining of the mbuf chain, then the "main" pointer of this mbuf chain should be updated and this case is tottaly forgotten. The original bridge_fragment code (Revision 158140, 2006 April 29) came from OpenBSD, and the call to bridge_enqueue was embedded. But on FreeBSD, bridge_enqueue() is done after bridge_fragment(), then the original OpenBSD code can't work as-it of FreeBSD. PR: 185633 Submitted by: Olivier Cochard-Labbé
Diffstat (limited to 'lib/libc/stdlib')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud