diff options
author | maxim <maxim@FreeBSD.org> | 2010-08-30 09:29:51 +0000 |
---|---|---|
committer | maxim <maxim@FreeBSD.org> | 2010-08-30 09:29:51 +0000 |
commit | 5420fffab06a31d95f5b6ffd70f397140ad1748c (patch) | |
tree | 7d60ceccdad4defc6b21fb7b884feced0e6e8738 /sys/netinet | |
parent | 222b8f3d0e3408378a451bf3fe1e58d7955cd0d0 (diff) | |
download | FreeBSD-src-5420fffab06a31d95f5b6ffd70f397140ad1748c.zip FreeBSD-src-5420fffab06a31d95f5b6ffd70f397140ad1748c.tar.gz |
o Some programs could send broadcast/multicast traffic to ipfw
pseudo-interface. This leads to a panic due to uninitialized
if_broadcastaddr address. Initialize it and implement ip_output()
method to prevent mbuf leak later.
ipfw pseudo-interface should never send anything therefore call
panic(9) in if_start() method.
PR: kern/149807
Submitted by: Dmitrij Tejblum
MFC after: 2 weeks
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ipfw/ip_fw_log.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/sys/netinet/ipfw/ip_fw_log.c b/sys/netinet/ipfw/ip_fw_log.c index 2995f2c..3560e13 100644 --- a/sys/netinet/ipfw/ip_fw_log.c +++ b/sys/netinet/ipfw/ip_fw_log.c @@ -103,6 +103,24 @@ log_dummy(struct ifnet *ifp, u_long cmd, caddr_t addr) return EINVAL; } +static int +ipfw_log_output(struct ifnet *ifp, struct mbuf *m, + struct sockaddr *dst, struct route *ro) +{ + if (m != NULL) + m_freem(m); + return EINVAL; +} + +static void +ipfw_log_start(struct ifnet* ifp) +{ + panic("ipfw_log_start() must not be called"); +} + +static const u_char ipfwbroadcastaddr[6] = + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; + void ipfw_log_bpf(int onoff) { @@ -119,11 +137,12 @@ ipfw_log_bpf(int onoff) ifp->if_flags = IFF_UP | IFF_SIMPLEX | IFF_MULTICAST; ifp->if_init = (void *)log_dummy; ifp->if_ioctl = log_dummy; - ifp->if_start = (void *)log_dummy; - ifp->if_output = (void *)log_dummy; + ifp->if_start = ipfw_log_start; + ifp->if_output = ipfw_log_output; ifp->if_addrlen = 6; ifp->if_hdrlen = 14; if_attach(ifp); + ifp->if_broadcastaddr = ipfwbroadcastaddr; ifp->if_baudrate = IF_Mbps(10); bpfattach(ifp, DLT_EN10MB, 14); log_if = ifp; |