pf: copy out rather than m_pullup() in pf_test_eth_rule()
ClosedPublic
Actions

Authored by kp on Jun 22 2022, 4:14 PM.

Details

Reviewers

Group Reviewers

network
pfsense

Commits

rG488626e55384: pf: copy out rather than m_pullup() in pf_test_eth_rule()

Summary

Don't change the mbuf chain layout. We've encountered alignment issues
in the tcp syncookie code on armv7, which are triggered by the
m_pullup() here.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kp created this revision.Jun 22 2022, 4:14 PM

Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptJun 22 2022, 4:14 PM

kp requested review of this revision.Jun 22 2022, 4:14 PM

Harbormaster completed remote builds in B46066: Diff 107254.Jun 22 2022, 4:14 PM

mjg added a subscriber: mjg.Jun 22 2022, 4:22 PM

mjg added inline comments.

sys/netpfil/pf/pf.c
3920–3921	now that m does not change this assignment is redundant more importantly though for non v4/v6 packets src and dst will be NULL and code below will be reached. that's asking for a remotely-induced crash down the road.

kp added inline comments.Jun 22 2022, 5:13 PM

sys/netpfil/pf/pf.c
3920–3921	I'll remove the redundant assignment. src/dst are not even NULL, they're uninitialised. This hasn't actually changed with this patch, but we check `af` to see if we have an address we can compare to or not. It'd probably be safer to initialise src and dst to NULL, but that still wouldn't prevent a panic if we mess up the `af` handling.