From nobody@FreeBSD.org  Tue Feb 17 18:39:09 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9F4F516A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 17 Feb 2004 18:39:09 -0800 (PST)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9C5D743D1D
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 17 Feb 2004 18:39:09 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.10/8.12.10) with ESMTP id i1I2d972008482
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 17 Feb 2004 18:39:09 -0800 (PST)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.10/8.12.10/Submit) id i1I2d986008465;
	Tue, 17 Feb 2004 18:39:09 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200402180239.i1I2d986008465@www.freebsd.org>
Date: Tue, 17 Feb 2004 18:39:09 -0800 (PST)
From: Roselyn Lee <rosel@verniernetworks.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ether_input computes incorrect m_pkthdr.len when mbufs are chained
X-Send-Pr-Version: www-2.3

>Number:         62989
>Category:       kern
>Synopsis:       ether_input computes incorrect m_pkthdr.len when mbufs are chained
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ru
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 17 18:40:30 PST 2004
>Closed-Date:    Wed Mar 03 04:37:10 PST 2004
>Last-Modified:  Wed Mar 03 04:37:10 PST 2004
>Originator:     Roselyn Lee
>Release:        4.8
>Organization:
Vernier Networks
>Environment:
4.8-RELEASE FreeBSD
>Description:
      m_pkthdr.len that is computed by ether_input() incorrectly assumes m_len is the length of the entire packet.  For example, the sis0 driver could return a list of mbufs to hold an incoming packet when the system is out of clusters.
>How-To-Repeat:
      
>Fix:
      void
ether_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m)
{
	struct ether_header save_eh;

	if (eh == NULL) {
		if (m->m_len < sizeof(struct ether_header)) {
			/* XXX error in the caller. */
			m_freem(m);
			return;
		}
		m->m_pkthdr.rcvif = ifp;
		eh = mtod(m, struct ether_header *);
		m->m_data += sizeof(struct ether_header);
		m->m_len -= sizeof(struct ether_header);
-		m->m_pkthdr.len = m->m_len;
+               /*
+                * Adjust m_pkthdr.len by the same amount -
+                * do not assume m_pkthdr.len == m_len     
+                */
+               m->m_pkthdr.len -= sizeof (struct ether_header);
	}
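Review bot: The new `m->m_pkthdr.len -= sizeof (struct ether_header);` trusts whatever m_pkthdr.len the caller passed in, while the guard at the top of the block only tests m->m_len, so a driver that left m_pkthdr.len unset or smaller than the header now yields a length that is too small or drops below zero. Consider extending the guard to also reject m->m_pkthdr.len < sizeof(struct ether_header), or document that callers passing eh == NULL must set m_pkthdr.len to the full chain length. Style: the added lines are indented with spaces and use `sizeof (`, where the surrounding code uses tabs and `sizeof(`, and the second comment line carries trailing whitespace.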
>Release-Note:
>Audit-Trail:

From: Ruslan Ermilov <ru@FreeBSD.org>
To: Roselyn Lee <rosel@verniernetworks.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/62989: ether_input computes incorrect m_pkthdr.len when mbufs are chained
Date: Wed, 18 Feb 2004 13:48:59 +0200

 On Tue, Feb 17, 2004 at 06:39:09PM -0800, Roselyn Lee wrote:
 > m_pkthdr.len that is computed by ether_input() incorrectly assumes
 > m_len is the length of the entire packet.  For example, the sis0
 > driver could return a list of mbufs to hold an incoming packet when
 > the system is out of clusters.
 > 
 Can you please try this patch instead and let me know if it
 works for you?
 
 %%%
 Index: if_ethersubr.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/net/if_ethersubr.c,v
 retrieving revision 1.70.2.34
 diff -u -p -r1.70.2.34 if_ethersubr.c
 --- if_ethersubr.c	16 Jan 2004 20:01:16 -0000	1.70.2.34
 +++ if_ethersubr.c	18 Feb 2004 11:39:37 -0000
 @@ -564,9 +564,7 @@ ether_input(struct ifnet *ifp, struct et
  		}
  		m->m_pkthdr.rcvif = ifp;
  		eh = mtod(m, struct ether_header *);
 -		m->m_data += sizeof(struct ether_header);
 -		m->m_len -= sizeof(struct ether_header);
 -		m->m_pkthdr.len = m->m_len;
 +		m_adj(m, sizeof(*eh));
  	}
  
  	/* Check for a BPF tap */
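Review bot: With `m_adj(m, sizeof(*eh));` the packet length is now derived from the m_pkthdr.len the driver supplied, whereas the removed `m->m_pkthdr.len = m->m_len;` overwrote it, so a driver that relied on the old overwrite and never set m_pkthdr.len will start passing a wrong length up the stack. A short comment above the call stating that callers must hand in a correct m_pkthdr.len would make that requirement explicit. Minor: `sizeof(*eh)` is correct, but the removed lines spell it `sizeof(struct ether_header)`, so it is worth keeping one form throughout the function.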
 %%%
 
 
 Cheers,
 -- 
 Ruslan Ermilov
 FreeBSD committer
 ru@FreeBSD.org
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Wed Mar 3 04:35:30 PST 2004 
State-Changed-Why:  
Fixed in if_ethersubr.c,v 1.70.2.36.  Thanks for the spot! 


Responsible-Changed-From-To: freebsd-bugs->ru 
Responsible-Changed-By: ru 
Responsible-Changed-When: Wed Mar 3 04:35:30 PST 2004 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=62989 
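
The length mismatch this PR describes, as an added example that is not part of the PR or of FreeBSD's source: a user-space model in which `struct mbuf_model`, `strip_header` and `bytes_lost` are hypothetical names and the 100+100+50 byte chain is constructed sample data. It compares the removed assignment with the adjusted length on a chained packet.

```c
#include <stddef.h>
#include <stdio.h>

#define ETHER_HDR_LEN 14	/* sizeof(struct ether_header) */

/* User-space stand-in for struct mbuf; only the fields the PR touches. */
struct mbuf_model {
	struct mbuf_model *m_next;	/* next buffer in the chain */
	int m_len;			/* bytes in this buffer only */
	int pkthdr_len;			/* m_pkthdr.len: whole packet, head only */
};

/* Sum of m_len over the chain: the bytes the packet really holds. */
static int chain_len(const struct mbuf_model *m)
{
	int total = 0;
	for (; m != NULL; m = m->m_next)
		total += m->m_len;
	return total;
}

/* Strip the Ethernet header from the head buffer, old or fixed way. */
static int strip_header(struct mbuf_model *m, int fixed)
{
	m->m_len -= ETHER_HDR_LEN;		/* m_data advance not modelled */
	if (fixed)
		m->pkthdr_len -= ETHER_HDR_LEN;	/* adjust, do not overwrite */
	else
		m->pkthdr_len = m->m_len;	/* the removed line */
	return m->pkthdr_len;
}

/* Constructed 250-byte frame split 100+100+50; returns bytes under-reported. */
static int bytes_lost(int fixed)
{
	struct mbuf_model c = { NULL, 50, 0 };
	struct mbuf_model b = { &c, 100, 0 };
	struct mbuf_model a = { &b, 100, 250 };
	int reported = strip_header(&a, fixed);
	return chain_len(&a) - reported;
}

int main(void)
{
	printf("old: %d lost, fixed: %d lost\n", bytes_lost(0), bytes_lost(1));
	return 0;
}
```

With the old assignment the header length covers only the first buffer, so every byte in the rest of the chain is invisible to code that trusts m_pkthdr.len.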
>Unformatted:
