Joerg Sonnenberger has discovered a problem in the snc(4) driver that might result in packets showing up on bpf multiple times. See the changelog for sys/dev/netif/snc/dp83932.c in their source tree[1].
Attached is a fix for HEAD. I am almost sure that it is right, but I'd welcome a review as there might be a chance that sonicput() and the TX interrupt free the mbuf before it gets to bpf. From my reading it seems that the mbuf is "safe" until sc->mtd_free is altered (see comment).

Thanks for your input.

[1] http://www.dragonflybsd.org/cvsweb/src/sys/dev/netif/snc/dp83932.c

--
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Index: dp83932.c =================================================================== RCS file: /usr/store/mlaier/fcvs/src/sys/dev/snc/dp83932.c,v retrieving revision 1.16 diff -u -r1.16 dp83932.c --- dp83932.c 6 Jan 2005 01:43:15 -0000 1.16 +++ dp83932.c 20 Feb 2005 18:23:22 -0000 @@ -346,12 +346,6 @@ M_ASSERTPKTHDR(m); /* - * If bpf is listening on this interface, let it - * see the packet before we commit it to the wire. - */ - BPF_MTAP(ifp, m); - - /* * If there is nothing in the o/p queue, and there is room in * the Tx ring, then send the packet directly. Otherwise append * it to the o/p queue. @@ -361,6 +355,14 @@ return; } + /* + * If bpf is listening on this interface, let it see the packet + * before we commit it to the wire, but only if we are really + * committed to send it. The mbuf is "safe" until we modify + * sc->mtd_free (below). + */ + BPF_MTAP(ifp, m); + sc->mtd_prev = sc->mtd_free; sc->mtd_free = mtd_next;
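
Review bot: In the second hunk (@@ -361,6 +355,14 @@) the relocated BPF_MTAP(ifp, m) dereferences m after the early "return; }" path, and the new comment asserts the mbuf is "safe" until sc->mtd_free is modified without saying what enforces that. The cover message itself raises the possibility that sonicput() and the TX interrupt free the mbuf before it reaches bpf; if that can happen in the window between the hand-off and the tap, this is a use-after-free read in the transmit path. Please extend the comment to name the lock or interrupt-protection level held at this point that keeps the TX completion from reclaiming the descriptor before "sc->mtd_free = mtd_next;", or add an assertion to that effect, so the invariant is checked rather than inferred from reading. It would also help to note in the comment that a packet taking the early return is deliberately not tapped on that pass, since that is the behaviour change that removes the duplicate bpf deliveries.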