Page MenuHomeFreeBSD

pf: ensure mbufs are writable
ClosedPublic

Authored by kp on Sep 10 2024, 8:20 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Oct 5, 11:54 AM
Unknown Object (File)
Sun, Oct 5, 10:58 AM
Unknown Object (File)
Sun, Oct 5, 7:31 AM
Unknown Object (File)
Sun, Oct 5, 4:58 AM
Unknown Object (File)
Sun, Oct 5, 1:19 AM
Unknown Object (File)
Fri, Sep 12, 10:31 AM
Unknown Object (File)
Sep 1 2025, 4:47 AM
Unknown Object (File)
Aug 15 2025, 3:42 PM

Details

Summary

Ensure that we can modify mbufs before we start processing them. There are a
number of paths where pf will m_copyback() or otherwise modify a packet. Ensure
that this is safe to do.

For example, ip6_forward() will m_copym() the packet before handing it to the
output pfil hook. This results in a non-writable mbuf, which would trigger
assertion failures (see previous commit).

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp requested review of this revision.Sep 10 2024, 8:20 PM
glebius added inline comments.
sys/netpfil/pf/pf.c
8418–8423

Not insisting on this style, but I would write it down this way.

This revision is now accepted and ready to land.Sep 11 2024, 1:57 AM
sys/netpfil/pf/pf.c
8418–8423

I'll include the __predict_false, because that's just clearly better.

I'll also change it to set m at the same time. It doesn't break anything if it's not there because we do set it again with the pull-up later, but we should be consistent about it.

I don't like that one-line construct though. Perhaps your brain is just larger than mine.

This revision was automatically updated to reflect the committed changes.