From nobody@FreeBSD.org  Thu Feb  1 05:36:22 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 9F0FB37B69D
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  1 Feb 2001 05:36:20 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f11DaKt70170;
	Thu, 1 Feb 2001 05:36:20 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200102011336.f11DaKt70170@freefall.freebsd.org>
Date: Thu, 1 Feb 2001 05:36:20 -0800 (PST)
From: aigars@ugunssiena.lv
To: freebsd-gnats-submit@FreeBSD.org
Subject: FreeBSD 4.x + bridge + dummynet = crash
X-Send-Pr-Version: www-1.0

>Number:         24780
>Category:       kern
>Synopsis:       FreeBSD 4.x + bridge + dummynet = crash
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 01 05:40:01 PST 2001
>Closed-Date:    Sun Feb 11 15:14:11 PST 2001
>Last-Modified:  Sun Feb 11 15:15:18 PST 2001
>Originator:     Aigars Zaube
>Release:        4.2-RELEASE
>Organization:
SIA Ugunssiena
>Environment:
FreeBSD test.us.lv 4.2-RELEASE FreeBSD 4.2-RELEASE #20: Thu Feb  1 13:33:50 EET 2001     root@test.us.lv:/data/src/sys/compile/KERN1  i386


>Description:
kernel crashes when bridged packet goes through dummynet pipe.

ip_dummynet.c: transmit_event() looks for ethernet header in dn_pkt, 
               not in real packet mbuf.
bridge.c: bdg_forward() throws away ethernet header when passes packet
          to dummynet. May be this is correct, but ethernet header is
          is needed to forward the packet when it comes out from dummynet.
          My patch adds ethernet header back to packet before passing it
          to dummynet, and everything is working great.


>How-To-Repeat:
Compile kernel with bridge and dummynet support.

sysctl -w net.link.ether.bridge=1
sysctl -w net.link.ether.bridge_ipfw=1
ipfw pipe 1 config bw 512kbit/s
ipfw add 1 pipe 1 ip from any to any bridged

Wait for any bridged packet...


>Fix:
======= Fix for sys/netinet/ip_dummynet.c:
404a405
>             struct mbuf *mpkt;
407,408c408,411
<           if (m->m_len < ETHER_HDR_LEN
<             && (m = m_pullup(m, ETHER_HDR_LEN)) == NULL) {
---
>             mpkt=m->m_next;
>           if (mpkt->m_len < ETHER_HDR_LEN
>             && (mpkt = m->m_next = m_pullup(mpkt, ETHER_HDR_LEN)) == NULL) {
>               m_freem(mpkt);
412,413c415,416
<           bcopy(mtod(m, struct ether_header *), &hdr, ETHER_HDR_LEN);
<           m_adj(m, ETHER_HDR_LEN);
---
>           bcopy(mtod(mpkt, struct ether_header *), &hdr, ETHER_HDR_LEN);
>           m_adj(mpkt, ETHER_HDR_LEN);

================================
======= Fix for sys/net/bridge.c:
755a756,759
>           M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT);
>           if (m == NULL)
>                   return ENOBUFS;
>           bcopy(eh, mtod(m, struct ether_header *), ETHER_HDR_LEN);
================================


>Release-Note:
>Audit-Trail:

From: Ruslan Ermilov <ru@FreeBSD.org>
To: aigars@ugunssiena.lv
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/24780: FreeBSD 4.x + bridge + dummynet = crash
Date: Thu, 1 Feb 2001 16:06:10 +0200

 On Thu, Feb 01, 2001 at 05:36:20AM -0800, aigars@ugunssiena.lv wrote:
 [...]
 > 
 > >Environment:
 > FreeBSD test.us.lv 4.2-RELEASE FreeBSD 4.2-RELEASE #20: Thu Feb  1 13:33:50 EET 2001     root@test.us.lv:/data/src/sys/compile/KERN1  i386
 > 
 > 
 > >Description:
 > kernel crashes when bridged packet goes through dummynet pipe.
 > 
 Please upgrade to 4.2-STABLE (a dozen of fixes has been committed
 recently that should fix the panic you observe), and follow up on
 this PR again.
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age
 
State-Changed-From-To: open->closed 
State-Changed-By: luigi 
State-Changed-When: Sun Feb 11 15:14:11 PST 2001 
State-Changed-Why:  
PR not relevant anymore, the code has been upgraded and this particular 
issue fixed. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=24780 
>Unformatted:
