[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3.2: pf_test not called from if_bridge.c

To: misc@openbsd.org
Subject: Re: 3.2: pf_test not called from if_bridge.c
From: Darren Reed <avalon@coombs.anu.edu.au>
Date: Tue, 10 Dec 2002 13:54:27 +1100 (Australia/ACT)

In some mail from avalon, sie said:
> 
> 
> At about line 2227 of if_bridge.c, there is the following:
>                 if (tdb != NULL) {
>                         /*
>                          * We don't need to do loop detection, the   
>                          * bridge will do that for us.
>                          */
> #if NFP > 0
>                         switch (af) {
> #ifdef INET
> 
> 
> The "#if NFP" should be "#if NPF", otherwise pf_test() never gets called
> for this case.  If you were counting on pf filtering these packets, I
> suppose this would be a security problem for you...errata anyone?

On closer inspection, I doubt whether that section of code has ever been
exercised unless it's safe to call m_freem(m) on special occasions when
pf says dont let a packet past (I expect a panic along the lines of
m_freem(m == NULL))..

Prev by Date: Re: pf and windows networking
Next by Date: Re: pcAnywhere and isakmpd
Prev by thread: 3.2: pf_test not called from if_bridge.c
Next by thread: Re: 3.2: pf_test not called from if_bridge.c
Index(es):
- Date
- Thread