diff options
author | qingli <qingli@FreeBSD.org> | 2006-08-01 17:28:10 +0000 |
---|---|---|
committer | qingli <qingli@FreeBSD.org> | 2006-08-01 17:28:10 +0000 |
commit | a2e0f77d8f100b139a19a4fc8ecece7356b6afdc (patch) | |
tree | bd257e3d78eec56455a22902e0f3111b453f5f45 /sys/net/if_vlan.c | |
parent | 1e0ddf7fae5884e70d7b1608edf2d929c1786ba5 (diff) | |
download | FreeBSD-src-a2e0f77d8f100b139a19a4fc8ecece7356b6afdc.zip FreeBSD-src-a2e0f77d8f100b139a19a4fc8ecece7356b6afdc.tar.gz |
In vlan_input(), if the network interface does not perform h/w based
vlan tag processing, the code will use bcopy() to remove the vlan
tag field but the code copies 2 bytes too many, which essentially
overwrites the protocol type field.
Also, a tag value of -1 is generated for unrecognized interface type,
which would cause an invalid memory access in the vlans[] array.
In addition, removed a line of dead code and its associated comments.
Reviewed by: sam
Diffstat (limited to 'sys/net/if_vlan.c')
-rw-r--r-- | sys/net/if_vlan.c | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/sys/net/if_vlan.c b/sys/net/if_vlan.c index 34ef7ee..55af9c9 100644 --- a/sys/net/if_vlan.c +++ b/sys/net/if_vlan.c @@ -917,21 +917,15 @@ vlan_input(struct ifnet *ifp, struct mbuf *m) __func__, ntohs(evl->evl_encap_proto))); tag = EVL_VLANOFTAG(ntohs(evl->evl_tag)); - - /* - * Restore the original ethertype. We'll remove - * the encapsulation after we've found the vlan - * interface corresponding to the tag. - */ - evl->evl_encap_proto = evl->evl_proto; break; default: - tag = (uint16_t) -1; -#ifdef INVARIANTS - panic("%s: unsupported if_type (%u)", - __func__, ifp->if_type); +#ifdef DEBUG + /* XXX rate limit? */ + if_printf(ifp, "unsupported if_type %u", ifp->if_type); #endif - break; + m_freem(m); + ifp->if_noproto++; /* XXX? */ + return; } } @@ -952,12 +946,12 @@ vlan_input(struct ifnet *ifp, struct mbuf *m) if (mtag == NULL) { /* * Packet had an in-line encapsulation header; - * remove it. The original header has already - * been fixed up above. + * remove it. Note that we leave the type field + * unchanged; we only copy up the mac addresses. */ bcopy(mtod(m, caddr_t), mtod(m, caddr_t) + ETHER_VLAN_ENCAP_LEN, - ETHER_HDR_LEN); + ETHER_HDR_LEN - ETHER_TYPE_LEN); m_adj(m, ETHER_VLAN_ENCAP_LEN); } |