cvs commit: src/sys/net if_ethersubr.c
Ruslan Ermilov
ru at freebsd.org
Mon Feb 14 18:14:43 GMT 2005
Hi Sam,
On Mon, Feb 14, 2005 at 08:30:08AM -0800, Sam Leffler wrote:
> Ruslan Ermilov wrote:
> >ru 2005-02-14 08:29:42 UTC
> >
> > FreeBSD src repository
> >
> > Modified files:
> > sys/net if_ethersubr.c
> > Log:
> > If no vlan(4) interfaces are configured for the interface, and the
> > driver did VLAN decapsulation in hardware, we were passing a frame
> > as if it came for the parent (non-VLAN) interface. Stop this from
> > happening.
> >
> > Reminded by: glebius
> > Security: This could pose a security risk in some setups
> >
> > Revision Changes Path
> > 1.183 +10 -3 src/sys/net/if_ethersubr.c
> >http://cvsweb.FreeBSD.org/src/sys/net/if_ethersubr.c.diff?r1=1.182&r2=1.183
> >
> >
> Looks like you should use m_tag_find instead of
> m_tag_first+m_tag_locate.
>
Unfortunately m_tag_find() is only the compatibility function and
doesn't work for FreeBSD mtags.
> This also has the potential to noticeably
> affect performance so I think a better solution is needed.
>
Here are my thoughts. On a typical input path, there will be
either one or zero mtags, one if driver provided us with the
VLAN mtag, so effectively we replaced "ifp->if_nvlans" with
"m_tag_first(m) != NULL", and this doesn't look like a huge
performance downgrade to me, if at all.
Cheers,
--
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20050214/75d9748e/attachment.bin
More information about the cvs-src
mailing list