Here's a new diff to convert carp_input() to use ether_input_mbuf()
instead of ether_input().  This is a necessary step to be able to
convert other pseudo-drivers to if_input() but it is just needed for
the transition.

This version only calls M_PREPEND(9) on mbufs that will be passed to
ether_input_mbuf(9).  This fixes the cases where vlan_input() returns
1 and ether_input() continues its processing believing the mbuf hasn't
been modified.

This version also returns 0 in case M_PREPEND(9) fails, preventing a
use after free.

Does it work for you, ok?

Index: netinet/ip_carp.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_carp.c,v
retrieving revision 1.252
diff -u -p -r1.252 ip_carp.c
--- netinet/ip_carp.c   21 Apr 2015 09:35:32 -0000      1.252
+++ netinet/ip_carp.c   21 Apr 2015 10:22:10 -0000
@@ -1416,15 +1416,15 @@ carp_our_mcastaddr(struct ifnet *ifp, u_
 int
 carp_input(struct ifnet *ifp0, struct ether_header *eh0, struct mbuf *m)
 {
-       struct ether_header eh;
+       struct ether_header *eh;
        struct carp_if *cif = (struct carp_if *)ifp0->if_carp;
        struct ifnet *ifp;
 
-       memcpy(&eh, eh0, sizeof(eh));
+       ifp = carp_ourether(cif, eh0->ether_dhost);
+       if (ifp == NULL && (m->m_flags & (M_BCAST|M_MCAST)) == 0)
+               return (1);
 
-       if ((ifp = carp_ourether(cif, eh0->ether_dhost)))
-               ;
-       else if (m->m_flags & (M_BCAST|M_MCAST)) {
+       if (ifp == NULL) {
                struct carp_softc *vh;
                struct mbuf *m0;
 
@@ -1438,30 +1438,39 @@ carp_input(struct ifnet *ifp0, struct et
                        m0 = m_copym2(m, 0, M_COPYALL, M_DONTWAIT);
                        if (m0 == NULL)
                                continue;
+                       M_PREPEND(m0, sizeof(*eh), M_DONTWAIT);
+                       if (m0 == NULL)
+                               continue;
+                       eh = mtod(m0, struct ether_header *);
+                       memmove(eh, eh0, sizeof(*eh));
+
                        m0->m_pkthdr.rcvif = &vh->sc_if;
 #if NBPFILTER > 0
                        if (vh->sc_if.if_bpf)
-                               bpf_mtap_hdr(vh->sc_if.if_bpf, (char *)&eh,
-                                   ETHER_HDR_LEN, m0, BPF_DIRECTION_IN, NULL);
+                               bpf_mtap_ether(vh->sc_if.if_bpf, m0,
+                                   BPF_DIRECTION_IN);
 #endif
                        vh->sc_if.if_ipackets++;
-                       ether_input(m0, &eh);
+                       ether_input_mbuf(&vh->sc_if, m0);
                }
+
                return (1);
        }
 
-       if (ifp == NULL)
-               return (1);
+       M_PREPEND(m, sizeof(*eh), M_DONTWAIT);
+       if (m == NULL)
+               return (0);
+       eh = mtod(m, struct ether_header *);
+       memmove(eh, eh0, sizeof(*eh));
 
        m->m_pkthdr.rcvif = ifp;
 
 #if NBPFILTER > 0
        if (ifp->if_bpf)
-               bpf_mtap_hdr(ifp->if_bpf, (char *)&eh, ETHER_HDR_LEN, m,
-                   BPF_DIRECTION_IN, NULL);
+               bpf_mtap_ether(ifp->if_bpf, m, BPF_DIRECTION_IN);
 #endif
        ifp->if_ipackets++;
-       ether_input(m, &eh);
+       ether_input_mbuf(ifp, m);
 
        return (0);
 }
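Review bot: The `memmove(eh, eh0, sizeof(*eh))` at both prepend sites (the unicast path here and the copy loop above) silently depends on `eh0` still pointing at valid memory after `M_PREPEND()` has reshaped `m`, and on `eh` and `eh0` possibly overlapping, which is presumably why memmove rather than memcpy is used; neither assumption is stated anywhere. A comment at the first site would save the next reader from re-deriving it, e.g. `/* eh0 may alias the space M_PREPEND just opened at the front of m, hence memmove; on success M_PREPEND keeps m's original data, so eh0 stays valid */`, hedged since the caller's header layout is not visible here. The `return (0)` on prepend failure is the right value because M_PREPEND has already freed `m` at that point, but the 0 reads oddly next to the surrounding `return (1)`s; `/* M_PREPEND freed m: report it consumed so the caller does not touch it */` would make that explicit. carp_input begins outside this hunk.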
