On Wed, Jul 17, 2019 at 04:35:22PM -0300, Martin Pieuchot wrote:
> Diff below is a rework of Eygene's submission to avoid duplicating the
> logic leading to the re-enqueue of a packet based on a matching MAC
> address.
>
> The bug first explained by Eygene [0] happens when multiple members of
> a bridge(4) share the same MAC address. In that particular case the
> order of the members matter as the first one encounter during the loop
> will be considered as the "receiving" interface.
>
> The idea of the fix is to prefer the physical interface instead, which
> in this case is referenced by the `ifp' argument of bridge_process().
>
> The diff below does a bit of plumbing to avoid code duplication:
>
> - rename the original port member descriptor from `bif' to `bif0'
> - check for bad source MAC (loop prevention) early
> - check for wrongly crafted packet before dereferencing `eh'
>
> Ok?
OK bluhm@
> sc = brifp->if_softc;
> SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) {
> - if (bif->ifp == ifp)
> - break;
> + if (bridge_ourether(bif->ifp, eh->ether_shost))
> + goto bad;
> + if (bif->ifp == ifp) {
> + bif0 = bif;
> + }
This { } is not KNF.
