-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-09:02.bce Errata Notice The FreeBSD Project Topic: bce(4) does not work with lagg(4) LACP mode Category: core Module: sys/dev Announced: 2009-06-24 Credits: Pete French David Christensen Affects: FreeBSD 7.2 Corrected: 2009-05-20 21:13:49 (RELENG_7, 7.2-STABLE) 2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background bce(4) is a network device driver for Broadcom NetXtreme II (BCM5706/5708/5709/5716) PCI/PCIe Gigabit Ethernet adapters. The lagg(4) driver is a pseudo network interface driver which allows aggregation of multiple network interfaces as one virtual interface for the purpose of providing fault-tolerance and high-speed links. II. Problem Description The bce(4) driver used an incorrect total packet length calculation. This bug was accidentally added just after 7.1-RELEASE. III. Impact When adding a bce(4) interface on the system as a lagg(4) member with the LACP aggregation protocol enabled network communication via the bce(4) interface stops completely. Although the bce(4) interface works if it is not a lagg(4) member, the incoming traffic statistics which can be found in netstat(1) output will be incorrect because every packet is recognized as full-sized one. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 7.2 system. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch # fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/sys/dev/bce/if_bce.c 1.34.2.8 src/sys/dev/bce/if_bcereg.c 1.16.2.3 RELENG_7_2 src/UPDATING 1.507.2.23.2.5 src/sys/conf/newvers.sh 1.72.2.11.2.6 src/sys/dev/bce/if_bce.c 1.34.2.7.2.2 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r192477 releng/7.2/ r194808 - ------------------------------------------------------------------------- VII. References The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-09:02.bce.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkpBu9cACgkQFdaIBMps37IyrgCeKorJrpSXubynKzNJ2ld4j1K3 RqoAnAjhR8Fld9c8gJUIP/BuQ0wx2atT =oSkz -----END PGP SIGNATURE-----