Subject: kern/2973: bpf returns bogus data for outgoing broadcasts
To: None <gnats-bugs@gnats.netbsd.org>
From: Wolfgang Solfrank <ws@kurt.tools.de>
List: netbsd-bugs
Date: 11/27/1996 17:49:58
>Number:         2973
>Category:       kern
>Synopsis:       bpf returns bogus data for outgoing broadcasts
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 27 09:05:01 1996
>Last-Modified:
>Originator:     Wolfgang Solfrank
>Organization:
NetBSD Hackers
>Release:        NetBSD-current 96-11-25
>Environment:
System: NetBSD august 1.2A NetBSD 1.2A (GENERIC) #35: Mon Nov 25 18:03:02 MET 1996	ws@kurt:/home/NetBSD/kernel/NetBSD/sys/arch/powerpc/compile/GENERIC PowerPC

>Description:
	When sending broadcast packets through a simplex interface
(like e.g. any ethernet interface), the ether_output code stuffs the
packet back through the help of looutput (i.e. the loopback interface
code) as input from the interface.  The copy stuffed back will have an
ethernet header prepended in the case of AF_CCITT and AF_ISO, but not
in the case of AF_INET and AF_NS.  Anyway, if a bpf is set up on the
ethernet interface, the looutput routine will place the packet (with or
without the ethernet header) onto the bpf queue, but with another
4-byte (this is probably a bug of its own) int prepended containing the
address family of the packet.  Since the user of the bpf code cannot find
out about this detour of the packet, it has no possibility to make sense
out of the data received.
>How-To-Repeat:
	Start tcpdump on some ethernet interface, cause the machine to
send a broadcast packet out this interface, and wonder what the odd
hex dump is about.
>Fix:
	Either determine the size of the link level header in looutput
from the interface type (as registered in the if_bpf structure), or
register the header length given in the bpfattach call into the if_bpf
structure.  Use this length to construct a dummy header for AF_INET
and AF_NS, but leave the packet alone for AF_CCITT and AF_ISO.
Alternatively always prepend a link level header in ether_output,
and remove it in looutput before stuffing the packet onto the
appropriate queue for the address family.
>Audit-Trail:
>Unformatted:
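A user-space model of the behaviour this PR describes and of its first proposed fix (an added example, not code from the PR or from NetBSD): tap_buggy() reproduces what looutput() hands to bpf today, tap_fixed() builds the dummy link-level header from the length registered at bpfattach(), and ethertype_of() reads the frame the way an ethernet-DLT consumer such as tcpdump would. The address-family values, the ethertype filled into the dummy header, and all function names are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* 4.4BSD address-family numbers (assumed values, not quoted from the PR). */
#define BSD_AF_INET   2
#define BSD_AF_NS     6
#define BSD_AF_ISO    7
#define BSD_AF_CCITT 10
#define ETHER_HDR_LEN 14  /* link header length bpfattach() registers for ethernet */

/* Model of what looutput() hands to bpf today: a 4-byte host-order address-
 * family int in front of the packet, and no ethernet header for AF_INET/AF_NS. */
static size_t tap_buggy(uint8_t *out, int af, const uint8_t *pkt, size_t len) {
    memcpy(out, &af, sizeof af);          /* the stray int the PR describes */
    memcpy(out + sizeof af, pkt, len);
    return sizeof af + len;
}

/* Model of the PR's first proposed fix: build a dummy link-level header of the
 * length registered at bpfattach() for AF_INET/AF_NS, and pass AF_CCITT/AF_ISO
 * through because ether_output() already prepended a real ethernet header. */
static size_t tap_fixed(uint8_t *out, int af, size_t hdrlen,
                        const uint8_t *pkt, size_t len) {
    if (af == BSD_AF_CCITT || af == BSD_AF_ISO) {
        memcpy(out, pkt, len);
        return len;
    }
    memset(out, 0, hdrlen);               /* dummy destination/source MACs */
    /* Assumption: the PR leaves the dummy header's contents open; fill in the
     * IP (0x0800) or XNS (0x0600) ethertype so a consumer can still dispatch. */
    uint16_t type = (af == BSD_AF_INET) ? 0x0800 : 0x0600;
    out[hdrlen - 2] = (uint8_t)(type >> 8);
    out[hdrlen - 1] = (uint8_t)(type & 0xff);
    memcpy(out + hdrlen, pkt, len);
    return hdrlen + len;
}
/* An ethernet-DLT consumer such as tcpdump reads the ethertype at offset 12. */
static unsigned ethertype_of(const uint8_t *frame, size_t len) {
    return len < ETHER_HDR_LEN ? 0xffffu : (unsigned)frame[12] << 8 | frame[13];
}
/* Constructed 20-byte IPv4 header, as ip_output() would hand to ether_output(). */
static const uint8_t sample_ip[20] = {0x45,0,0,20, 0,0,0,0, 64,17, 0,0, 10,0,0,1, 10,0,0,255};
/* Ethertype a consumer sees for sample_ip: 0x4011 (IP TTL/protocol bytes) buggy, 0x0800 fixed. */
static unsigned tapped_ethertype(int af, int fixed) {
    uint8_t buf[64];
    size_t n = fixed ? tap_fixed(buf, af, ETHER_HDR_LEN, sample_ip, sizeof sample_ip)
                     : tap_buggy(buf, af, sample_ip, sizeof sample_ip);
    return ethertype_of(buf, n);
}
```

The buggy path makes tcpdump decode the IP TTL and protocol bytes as the ethertype, which is the odd hex dump the PR mentions.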