authorsam <sam@FreeBSD.org>2003-09-30 04:46:08 +0000
committersam <sam@FreeBSD.org>2003-09-30 04:46:08 +0000
commitd1d4c947ce1dc00069d3ebc7667f42ebd15add02 (patch)
treee69e397b08ceb0859fe952a0aca6ef40dc00ff1d /sys/net/bridge.c
parent8a599ca7c0982d2714c3a7d8fd2553f6367d3208 (diff)
downloadFreeBSD-src-d1d4c947ce1dc00069d3ebc7667f42ebd15add02.zip
FreeBSD-src-d1d4c947ce1dc00069d3ebc7667f42ebd15add02.tar.gz
Correct pfil_run_hooks return handling: if the return value is non-zero
then the mbuf has been consumed by a hook; otherwise beware of a null mbuf return (gack). In particular the bridge was doing the wrong thing. While in the ipv6 code make its handling of pfil_run_hooks identical to NetBSD. Pointed out by: Pyun YongHyeon <yongari@kt-is.co.kr>
Diffstat (limited to 'sys/net/bridge.c')
-rw-r--r--sys/net/bridge.c8
1 files changed, 3 insertions, 5 deletions
diff --git a/sys/net/bridge.c b/sys/net/bridge.c
index d0fa2d9..5864a6f 100644
--- a/sys/net/bridge.c
+++ b/sys/net/bridge.c
@@ -1020,13 +1020,11 @@ bdg_forward(struct mbuf *m0, struct ifnet *dst)
ip->ip_off = ntohs(ip->ip_off);
if (pfil_run_hooks(&inet_pfil_hook, &m0, src, PFIL_IN) != 0) {
- EH_RESTORE(m0); /* restore Ethernet header */
- return m0;
- }
- if (m0 == NULL) {
- bdg_dropped++;
+ /* NB: hook should consume packet */
return NULL;
}
+ if (m0 == NULL) /* consumed by filter */
+ return m0;
/*
* If we get here, the firewall has passed the pkt, but the mbuf
* pointer might have changed. Restore ip and the fields ntohs()'d.
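Review bot: The non-zero branch now returns NULL without touching m0, so correctness rests entirely on every registered pfil hook freeing the mbuf before it returns an error, and the comment `/* NB: hook should consume packet */` reads as a hope rather than a contract. A hook that returns non-zero without freeing would leak one mbuf per rejected frame, which on a bridge is driven by traffic and can exhaust the mbuf pool, so I would state the rule outright, e.g. `/* pfil contract: non-zero return means the hook already freed m0; do not touch it */`. Separately, `bdg_dropped++` is gone from both exits, so as far as this hunk shows, frames discarded by the filter no longer appear in the bridge drop counter; if that is intentional, say so in the comment on the `m0 == NULL` branch, otherwise keep the increment there. bdg_forward starts and ends outside this hunk.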