Summary: | [if_bridge] [patch] if_bridge frees mbuf after pfil hooks returns non-zero | ||
---|---|---|---|
Product: | Base System | Reporter: | Jake Montogmery <jacobmdrop> |
Component: | kern | Assignee: | freebsd-bugs (Nobody) <bugs> |
Status: | Open --- | ||
Severity: | Affects Only Me | Keywords: | patch |
Priority: | Normal | ||
Version: | Unspecified | ||
Hardware: | Any | ||
OS: | Any |
Description
Jake Montogmery
2010-03-19 15:30:02 UTC
Responsible Changed From-To: freebsd-bugs->freebsd-net Over to maintainer(s). [...] > Create a simple pfil hook and install it with pfil_add_hook(PFIL_IN). > The hook should drop (some) packets by returning a non-zero value. The > hook should free the mbuf on dropped packets by calling m_freem(*mp). > The filter should _not_ modify the mbuf pointer (mp). Install a ^^^^^^^^^ documentation is wrong here. As far as I can see all firewalls in the tree zero mp after free, something like: if (chk && *m) { m_freem(*m); *m = NULL; } Correct fix would be to update documentation and add KASSERT to pfil_run_hooks checking *mp == 0 if hook returned non-zero result. > if_bridge on the system, and pass traffic through the bridge, such > that at least one packet gets dropped by the pfil hook. At some point > shortly after that the system will panic. The panic is usually occurs > in sbflush_internal(), though there are other ways that the corruption > can manifest. For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped Keyword: patch or patch-ready – in lieu of summary line prefix: [patch] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi> |