IP packet filtering with bridging on FreeBSD

2000-08-02T00:00:00
ID SECURITYVULNS:DOC:502
Type securityvulns
Reporter Securityvulns
Modified 2000-08-02T00:00:00

Description

If a FreeBSD box configured to do bridging is also doing packet filtering with ipfw, it is relatively easy to make the box go "boom", because none of the standard header sanity checks are done before the filter routine is called (check /sys/net/bridge.c). The feature was "copied" from OpenBSD, but somehow large amounts of code were not copied, and bugs resulted.
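
As an added illustration (not code from bridge.c, FreeBSD or OpenBSD), the C code below shows the kind of IPv4 header sanity checks a receive path normally applies before a packet is handed to a filter routine: minimum length, version, header length, total length and header checksum. The names ipv4_header_check, ip_check and check_mutated, and the sample packet, are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Reasons a frame payload is rejected before any filter rule sees it. */
enum ip_check { IP_OK = 0, IP_TOO_SHORT, IP_BAD_VERSION, IP_BAD_HLEN,
                IP_BAD_TOTLEN, IP_BAD_CKSUM };

/* One's-complement sum over the header; a valid header sums to 0xffff. */
static uint16_t hdr_sum(const uint8_t *p, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += (uint32_t)(p[i] << 8 | p[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* pkt: bytes after the Ethernet header; len: bytes actually received. */
enum ip_check ipv4_header_check(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20)
        return IP_TOO_SHORT;        /* fixed header not fully present */
    if ((pkt[0] >> 4) != 4)
        return IP_BAD_VERSION;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return IP_BAD_HLEN;         /* options would run off the buffer */
    size_t totlen = (size_t)(pkt[2] << 8 | pkt[3]);
    if (totlen < hlen || totlen > len)
        return IP_BAD_TOTLEN;       /* claimed length disagrees with frame */
    if (hdr_sum(pkt, hlen) != 0xffff)
        return IP_BAD_CKSUM;
    return IP_OK;
}

/* Constructed sample: bare 20-byte header, 192.0.2.1 -> 192.0.2.2, UDP. */
static const uint8_t sample_ok[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x40, 0x11,
    0xf6, 0xd5, 0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02 };

/* Helper: copy the sample, overwrite one byte, run the check. */
enum ip_check check_mutated(size_t idx, uint8_t val, size_t len)
{
    uint8_t b[20];
    memcpy(b, sample_ok, sizeof b);
    if (idx < sizeof b) b[idx] = val;
    return ipv4_header_check(b, len > sizeof b ? sizeof b : len);
}

int main(void) { return check_mutated(0, 0x45, 20) == IP_OK ? 0 : 1; }
```

A filter routine that indexes into the header or its options is only safe to call once a check of this kind has returned IP_OK.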