Page MenuHomeFreeBSD
Differential D3534

pf: Fix misdetection of forwarding when net.link.bridge.pfil_bridge is set
ClosedPublic
Actions

Authored by kp on Aug 30 2015, 8:12 PM.
Tags
None
Referenced Files
Unknown Object (File)
Jan 14 2024, 1:26 PM
Unknown Object (File)
Dec 28 2023, 7:10 AM
Unknown Object (File)
Dec 20 2023, 12:09 AM
Unknown Object (File)
Oct 11 2023, 10:55 AM
Unknown Object (File)
Oct 11 2023, 10:55 AM
Unknown Object (File)
Oct 1 2023, 3:09 AM
Unknown Object (File)
Aug 24 2023, 7:59 AM
Unknown Object (File)
Jul 2 2023, 10:38 PM
View All 86 Files
Subscribers
imp

Details

Reviewers
eri
Group Reviewers
network
Commits
rS287376: pf: Fix misdetection of forwarding when net.link.bridge.pfil_bridge is set
Summary

If net.link.bridge.pfil_bridge is set we can end up thinking we're forwarding in
pf_test6() because the rcvif and the ifp (output interface) are different.
In that case we're bridging though, and the rcvif the the bridge member on which
the packet was received and ifp is the bridge itself.
If we'd set dir to PF_FWD we'd end up calling ip6_forward() which is incorrect.

Instead check if the rcvif is a member of the ifp bridge. (In other words, the
if_bridge is the ifp's softc). If that's the case we're not forwarding but
bridging.

PR: 202351

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

kp updated this revision to Diff 8354.Aug 30 2015, 8:12 PM
kp retitled this revision from to pf: Fix misdetection of forwarding when net.link.bridge.pfil_bridge is set.
kp updated this object.
kp edited the test plan for this revision. (Show Details)
kp added a reviewer: network.
kp set the repository for this revision to rS FreeBSD src repository - subversion.
Herald added a subscriber: imp. · View Herald TranscriptAug 30 2015, 8:12 PM
eri added a reviewer: eri.Aug 31 2015, 6:31 AM
eri edited edge metadata.

Did this behavior started after implementing the re fragmentation functinality?

sys/netpfil/pf/pf.c
6088–6098

Can you put a comment on top of this explaining why the check for the bridge

kp added a comment.Aug 31 2015, 6:34 AM

Yes, that's when the entire check and the call to pf_refragment6() at the bottom of pf_test6() were introduced.

I'll update the review later today with the comment you asked for.

kp updated this revision to Diff 8362.Aug 31 2015, 9:25 AM
kp edited edge metadata.
kp removed rS FreeBSD src repository - subversion as the repository for this revision.

Added the comment block.

I also extended the check slightly, to check that rcvif really is a bridge member. Mostly for the unlikely case where the output interface doesn't have a softc, but it also clarifies things I little I think.

eri accepted this revision.Aug 31 2015, 10:07 AM
eri edited edge metadata.

I would have put this in pf_refragment6 function call but lets put this in and see later on to improve it further.

This revision is now accepted and ready to land.Aug 31 2015, 10:07 AM
Closed by commit rS287376: pf: Fix misdetection of forwarding when net.link.bridge.pfil_bridge is set (authored by kp). · Explain WhySep 1 2015, 7:04 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
12 lines

Diff 8362

View Options

sys/netpfil/pf/pf.c

Loading...