pfil invariant proposal: mbuf begins with contiguous IP header

Darren Reed darrenr at freebsd.org
Tue Jun 5 18:24:24 UTC 2012


> Quoting from pfil(9)
>
>   When a filter is invoked, the packet appears just as if it ``came off the
>   wire''.  That is, all protocol fields are in network byte order.  [...]

pfil(9) is already out of date with respect to FreeBSD as
FreeBSD passes both ip_len and ip_off through in host byte
order. As you noted, pf is confused by this elsewhere and
tries to do a m_copym of an incorrect byte count.

> This should be extended to include the guarantee that the mbuf begins
> with a contiguous IP header, i.e. mtod(*mp, struct ip *) may be used to
> access all IP header fields.

For the present, this is a sensible addition but long term, I think the
pfil interface needs to advance to supporting the mbuf where the packet
data starts being in a different mbuf to that which is the start of the
packet.
 
Darren
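The contiguity guarantee discussed in this thread, as an added example that is not part of the original message and is not FreeBSD kernel code: a user-space model of a filter hook that pulls the IP header into the first buffer before reading any field. `toy_mbuf`, `toy_pullup`, `toy_hook` and `demo` are hypothetical names, and the buffer is assumed to be in wire format (network byte order), which is why `ip_len` is read byte by byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy user-space stand-in for an mbuf chain (hypothetical, not the kernel struct). */
struct toy_mbuf { struct toy_mbuf *next; size_t len; uint8_t data[64]; };
#define IP_MIN_HLEN ((size_t)20)

static size_t chain_len(const struct toy_mbuf *m) {
    size_t n = 0;
    for (; m != NULL; m = m->next) n += m->len;
    return n;
}
/* Same idea as m_pullup(9): make the first `want` bytes contiguous in the head.
 * Unlike the kernel routine, this toy never frees the chain on failure. */
static int toy_pullup(struct toy_mbuf *m, size_t want) {
    if (want > sizeof(m->data) || chain_len(m) < want) return -1;
    for (struct toy_mbuf *n = m->next; n != NULL && m->len < want; n = n->next) {
        size_t take = want - m->len < n->len ? want - m->len : n->len;
        memcpy(m->data + m->len, n->data, take);
        memmove(n->data, n->data + take, n->len - take);
        n->len -= take;
        m->len += take;
    }
    return 0;
}

/* Filter hook: returns the IP header length in bytes, or -1 to drop the packet. */
static int toy_hook(struct toy_mbuf *m) {
    if (m->len < IP_MIN_HLEN && toy_pullup(m, IP_MIN_HLEN) != 0) return -1;
    if ((m->data[0] >> 4) != 4) return -1;               /* not IPv4 */
    size_t hlen = (size_t)(m->data[0] & 0x0f) * 4;       /* IHL is in 32-bit words */
    if (hlen < IP_MIN_HLEN) return -1;
    if (m->len < hlen && toy_pullup(m, hlen) != 0) return -1;  /* options too */
    size_t ip_len = ((size_t)m->data[2] << 8) | m->data[3];    /* big-endian read */
    if (ip_len < hlen || ip_len > chain_len(m)) return -1;     /* bound any copy */
    return (int)hlen;
}

/* Constructed sample: 20-byte header + 8 payload bytes, split after `first`
 * bytes, with only `total` bytes present (requires first <= total <= 28). */
static int demo(size_t first, size_t total) {
    uint8_t pkt[28] = { 0x45, 0, 0, 28 };   /* v4, IHL=5, ip_len=28 */
    struct toy_mbuf tail = { NULL, total - first, {0} };
    struct toy_mbuf head = { &tail, first, {0} };
    memcpy(head.data, pkt, first);
    memcpy(tail.data, pkt + first, total - first);
    return toy_hook(&head);
}

int main(void) { return demo(8, 28) == 20 ? 0 : 1; }
```

The last check in `toy_hook` is the one that matters for the byte-count problem mentioned above: a length field interpreted in the wrong byte order would fail the bound against the chain length instead of driving a copy.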



