From joost@jodocus.org  Mon May 16 19:02:27 2005
Return-Path: <joost@jodocus.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 897EF16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 16 May 2005 19:02:27 +0000 (GMT)
Received: from bps.jodocus.org (g157016.upc-g.chello.nl [80.57.157.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B458C43DA3
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 16 May 2005 19:02:26 +0000 (GMT)
	(envelope-from joost@jodocus.org)
Received: from jodocus.org (localhost [127.0.0.1])
	by bps.jodocus.org (8.13.3/8.13.1) with ESMTP id j4GJ2K0r065357
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 16 May 2005 21:02:20 +0200 (CEST)
	(envelope-from joost@jodocus.org)
Received: (from joost@localhost)
	by jodocus.org (8.13.3/8.13.1/Submit) id j4GJ2Ke9065356;
	Mon, 16 May 2005 21:02:20 +0200 (CEST)
	(envelope-from joost)
Message-Id: <200505161902.j4GJ2Ke9065356@jodocus.org>
Date: Mon, 16 May 2005 21:02:20 +0200 (CEST)
From: Joost Bekkers <joost@jodocus.org>
Reply-To: Joost Bekkers <joost@jodocus.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: incorrect handling of an empty pfil list in pfil_run_hooks()
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         81128
>Category:       kern
>Synopsis:       incorrect handling of an empty pfil list in pfil_run_hooks()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    mlaier
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 16 19:10:03 GMT 2005
>Closed-Date:    Sat Jun 11 06:22:13 GMT 2005
>Last-Modified:  Sat Jun 11 06:22:13 GMT 2005
>Originator:     Joost Bekkers
>Release:        FreeBSD 5.4-RELEASE i386
>Organization:
>Environment:
System: FreeBSD bps.jodocus.org 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Tue May 10 13:46:16 CEST 2005 joost@bps.jodocus.org:/usr/obj/usr/src/sys/bps i386


>Description:

pfil_run_hooks() in sys/net/pfil.c currently contains:

========================
if (ph->ph_busy_count == -1 || ph->ph_want_write) {
	m_freem(*mp);
	*mp = NULL;
	return (ENOBUFS);
}
========================

'ph_busy_count == -1' means there are no hooks in either the in or out list,
which means the packet should be passed and not dropped, as is now the case.

The problem currently doesn't surface because everywhere pfil_run_hooks() is
called, the call is preceded by a check for 'ph_busy_count == -1'. If true,
the call is skipped.

>How-To-Repeat:
>Fix:

Split the if into two parts:

if (ph->ph_busy_count == -1)
	return 0;
if (ph->ph_want_write) {
	m_freem(*mp);
	*mp = NULL;
	return (ENOBUFS);
}

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->mlaier 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Mon May 23 16:44:56 GMT 2005 
Responsible-Changed-Why:  
Max works on pfil(9). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=81128 
State-Changed-From-To: open->patched 
State-Changed-By: mlaier 
State-Changed-When: Mon May 23 17:07:35 GMT 2005 
State-Changed-Why:  
Committed to HEAD.  Very good catch, thanks a lot. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=81128 
State-Changed-From-To: patched->closed 
State-Changed-By: mlaier 
State-Changed-When: Sat Jun 11 06:21:48 GMT 2005 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=81128 
>Unformatted:
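
Added example, not part of the PR or of the FreeBSD source: a user-space C model of the check quoted under Description and the split proposed under Fix, each called directly without the caller-side 'ph_busy_count == -1' pre-check. The struct layouts, the m_freem() stand-in and the probe() helper are assumptions made for this model, and hook iteration is omitted.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-ins (assumptions): only the fields the PR mentions. */
struct mbuf { int len; };
struct pfil_head { int ph_busy_count; int ph_want_write; };
static void m_freem(struct mbuf *m) { free(m); }

/* Check as quoted in the Description: an empty list shares the drop path. */
static int run_hooks_old(struct pfil_head *ph, struct mbuf **mp) {
	if (ph->ph_busy_count == -1 || ph->ph_want_write) {
		m_freem(*mp);
		*mp = NULL;
		return (ENOBUFS);
	}
	return (0);	/* hook iteration omitted in this model */
}

/* Check as split under Fix: an empty list passes the packet untouched. */
static int run_hooks_fixed(struct pfil_head *ph, struct mbuf **mp) {
	if (ph->ph_busy_count == -1)
		return (0);
	if (ph->ph_want_write) {
		m_freem(*mp);
		*mp = NULL;
		return (ENOBUFS);
	}
	return (0);	/* hook iteration omitted in this model */
}

/* Hypothetical helper: no caller-side pre-check; *kept is 1 if the packet survived. */
int probe(int fixed, int busy_count, int want_write, int *kept) {
	struct pfil_head ph = { busy_count, want_write };
	struct mbuf *m = calloc(1, sizeof(*m));	/* constructed sample packet */
	int error;
	if (m == NULL) abort();
	error = fixed ? run_hooks_fixed(&ph, &m) : run_hooks_old(&ph, &m);
	*kept = (m != NULL);
	free(m);	/* no-op when the variant already freed the packet */
	return (error);
}

int main(void) {
	int kept, e;
	e = probe(0, -1, 0, &kept); printf("old:   error=%d kept=%d\n", e, kept);
	e = probe(1, -1, 0, &kept); printf("fixed: error=%d kept=%d\n", e, kept);
	return (0);
}
```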
