[src/trunk]: src/sys/netinet fr_check_wrapper, fr_check_wrapper6:

[yamt <yamt%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/c25dccbc9a09
branches:  trunk
changeset: 569789:c25dccbc9a09
user:      yamt <yamt%NetBSD.org@localhost>
date:      Mon Sep 06 10:00:43 2004 +0000

description:
fr_check_wrapper, fr_check_wrapper6:
ensure that mbufs are writable beforehand as ipf assumes.
PR/26773 and PR/26850.

diffstat:

 sys/netinet/ip_fil_netbsd.c |  36 +++++++++++++++++++++++++++++++++---
 1 files changed, 33 insertions(+), 3 deletions(-)

diffs (65 lines):

diff -r 2862167e0e73 -r c25dccbc9a09 sys/netinet/ip_fil_netbsd.c
--- a/sys/netinet/ip_fil_netbsd.c       Mon Sep 06 09:55:13 2004 +0000
+++ b/sys/netinet/ip_fil_netbsd.c       Mon Sep 06 10:00:43 2004 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_fil_netbsd.c,v 1.14 2004/08/04 03:55:06 christos Exp $      */
+/*     $NetBSD: ip_fil_netbsd.c,v 1.15 2004/09/06 10:00:43 yamt Exp $  */
 
 /*
  * Copyright (C) 1993-2003 by Darren Reed.
@@ -125,8 +125,22 @@
 struct ifnet *ifp;
 int dir;
 {
-       struct ip *ip = mtod(*mp, struct ip *);
-       int rv, hlen = ip->ip_hl << 2;
+       struct ip *ip;
+       int rv, hlen;
+       int error;
+
+       /*
+        * ensure that mbufs are writable beforehand
+        * as it's assumed by ipf code.
+        * ip hdr (60 bytes) + tcp hdr (60 bytes) should be enough.
+        * XXX inefficient
+        */
+       error = m_makewritable(mp, 0, 60 + 60, M_DONTWAIT);
+       if (error) {
+               m_freem(*mp);
+               *mp = NULL;
+               return error;
+       }
 
 #if defined(M_CSUM_TCPv4)
        /*
@@ -143,6 +157,9 @@
        }
 #endif /* M_CSUM_TCPv4 */
 
+       ip = mtod(*mp, struct ip *);
+       hlen = ip->ip_hl << 2;
+
        /*
         * We get the packet with all fields in network byte
         * order.  We expect ip_len and ip_off to be in host
@@ -177,7 +194,20 @@
 struct ifnet *ifp;
 int dir;
 {
+       int error;
        
+       /*
+        * ensure that mbufs are writable beforehand
+        * as it's assumed by ipf code.
+        * XXX inefficient
+        */
+       error = m_makewritable(mp, 0, M_COPYALL, M_DONTWAIT);
+       if (error) {
+               m_freem(*mp);
+               *mp = NULL;
+               return error;
+       }
+
        return (fr_check(mtod(*mp, struct ip *), sizeof(struct ip6_hdr),
            ifp, (dir == PFIL_OUT), mp));
 }