iflib: assemble_segments -> rxd_frag_to_sd -> pfil_run_hooks
Andriy Gapon
avg at FreeBSD.org
Thu Jan 16 14:38:24 UTC 2020
Something that confuses me in the iflib code.
I see that assemble_segments() repeatedly calls rxd_frag_to_sd() until all
fragments / segments of a packet are processed. rxd_frag_to_sd() can call
pfil_run_hooks() for each fragment:

    if (rxq->pfil != NULL && PFIL_HOOKED_IN(rxq->pfil) && pf_rv != NULL) {
        payload = *sd->ifsd_cl;
        payload += ri->iri_pad;
        len = ri->iri_len - ri->iri_pad;
        *pf_rv = pfil_run_hooks(rxq->pfil, payload, ri->iri_ifp,
            len | PFIL_MEMPTR | PFIL_IN, NULL);

What confuses me is how the hooks can understand whether they are looking at the
first fragment or the N-th. As far as I can see, the hooks get only the raw
data and its length. So, isn't it possible that a hook can misinterpret some
arbitrary data in N-th fragment as, e.g., some header field that is expected to
be only in the first fragment?
I could be missing something obvious here as I've never dealt with iflib until
recently and never with pfil code at all.
Thanks!
P.S.
Also, there is an else clause for the above if:

    } else {
        fl->ifl_sds.ifsd_m[cidx] = NULL;
        *pf_rv = PFIL_PASS;
    }

If pf_rv can be NULL, shouldn't that be checked in this branch as well?
--
Andriy Gapon
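
Added example, not part of the original post and not FreeBSD code: a simplified user-space model of the concern raised above, where a hook that receives only a pointer and a length is run on each segment of a two-segment packet. The hook, its drop-UDP policy, the segment contents and all names (model_hook, build_segments, count_drops) are constructed for illustration and say nothing about how iflib or pfil actually behave.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model, NOT FreeBSD code. All names are hypothetical. */
enum verdict { MODEL_PASS, MODEL_DROP };
#define SEG_LEN 64
#define ETH_HDR_LEN 14

/* Like a memory-pointer hook, this sees only (buf, len): no segment index.
 * Assumed policy for the demo: drop Ethernet/IPv4 frames carrying UDP (17). */
static enum verdict model_hook(const uint8_t *buf, size_t len)
{
    if (len < ETH_HDR_LEN + 20)
        return MODEL_PASS;
    if (buf[12] != 0x08 || buf[13] != 0x00)       /* EtherType != IPv4 */
        return MODEL_PASS;
    const uint8_t *ip = buf + ETH_HDR_LEN;
    if ((ip[0] >> 4) != 4)                        /* IP version */
        return MODEL_PASS;
    return ip[9] == 17 ? MODEL_DROP : MODEL_PASS; /* IP protocol field */
}

/* Constructed sample: seg0 holds real headers (TCP); seg1 is a continuation
 * whose payload bytes happen to look like an IPv4/UDP header. */
static void build_segments(uint8_t seg[2][SEG_LEN])
{
    memset(seg, 0, 2 * SEG_LEN);
    seg[0][12] = 0x08; seg[0][14] = 0x45; seg[0][23] = 6;
    seg[1][12] = 0x08; seg[1][14] = 0x45; seg[1][23] = 17;
}

/* Number of DROP verdicts; first_only != 0 filters only segment 0. */
static int count_drops(int first_only)
{
    uint8_t seg[2][SEG_LEN];
    int drops = 0;
    build_segments(seg);
    for (int i = 0; i < (first_only ? 1 : 2); i++)
        drops += model_hook(seg[i], SEG_LEN) == MODEL_DROP;
    return drops;
}

int main(void)
{
    printf("every segment: %d drop(s); first only: %d drop(s)\n",
        count_drops(0), count_drops(1));
    return 0;
}
```

In this model the packet's real headers say TCP, yet the per-segment run reports one DROP because the hook parsed the continuation segment as if it began with an Ethernet header.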