CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2021/01/19 15:22:23
Modified files:
sys/net : if_pflog.c pf.c
Log message:
pflog(4) tried to log the translated packet with rdr-to, nat-to,
and af-to addresses and ports applied. Therefore it created a mbuf
chain on the stack with a partial copy. This is too complicated
for IP options, extension header, NAT46 af-to, and fragmented mbuf
chains. It even caused a crash in syzkaller. Usually the length
checks in pf_setup_pdesc() rejected the faked mbuf and the goto
copy logged the packet unmodified. Remove the pflog_mtap() function
and call bpf_mtap_hdr() directly. As the old buggy code was bypassed
in most cases, tcpdump(8) output of pflog does not change.
Uncondionally log the unmodified packet.
Reported-by: [email protected]
OK sashan@
