-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1
=============================================================================

FreeBSD-EN-09:02.bce                                            Errata Notice

                                                          The FreeBSD Project
Topic:		bce(4) does not work with lagg(4) LACP mode
Category:	core

Module:		sys/dev

Announced:	2009-06-24

Credits:	Pete French

		David Christensen

Affects:	FreeBSD 7.2

Corrected:	2009-05-20 21:13:49 (RELENG_7, 7.2-STABLE)

		2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security

Advisories, including descriptions of the fields above, security

branches, and the following sections, please visit

.
I.	Background
bce(4) is a network device driver for Broadcom NetXtreme II

(BCM5706/5708/5709/5716) PCI/PCIe Gigabit Ethernet adapters.  The

lagg(4) driver is a pseudo network interface driver which allows

aggregation of multiple network interfaces as one virtual interface

for the purpose of providing fault-tolerance and high-speed links.
II.	Problem Description
The bce(4) driver used an incorrect total packet length calculation.  This

bug was accidentally added just after 7.1-RELEASE.
III.	Impact
When adding a bce(4) interface on the system as a lagg(4) member with

the LACP aggregation protocol enabled network communication via the

bce(4) interface stops completely.  Although the bce(4) interface

works if it is not a lagg(4) member, the incoming traffic statistics

which can be found in netstat(1) output will be incorrect because

every packet is recognized as full-sized one.
IV.	Workaround
No workaround is available.
V.	Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2

   security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 7.2 system.
a) Download the relevant patch from the location below, and verify the

   detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch

# fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch.asc
b) Apply the patch.
# cd /usr/src

# patch < /path/to/patch
c) Recompile your kernel as described in

    and reboot

   the system.
VI.	Correction details
The following list contains the revision numbers of each file that was

corrected in FreeBSD.
CVS:
Branch								 Revision

  Path

- -------------------------------------------------------------------------

RELENG_7

  src/sys/dev/bce/if_bce.c				         1.34.2.8

  src/sys/dev/bce/if_bcereg.c				         1.16.2.3

RELENG_7_2

  src/UPDATING                                             1.507.2.23.2.5

  src/sys/conf/newvers.sh                                   1.72.2.11.2.6

  src/sys/dev/bce/if_bce.c                                   1.34.2.7.2.2

- -------------------------------------------------------------------------
Subversion:
Branch/path                                                      Revision

- -------------------------------------------------------------------------

stable/7/                                                         r192477

releng/7.2/                                                       r194808

- -------------------------------------------------------------------------
VII.	References
The latest revision of this advisory is available at

http://security.FreeBSD.org/advisories/FreeBSD-EN-09:02.bce.asc

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAkpBu9cACgkQFdaIBMps37IyrgCeKorJrpSXubynKzNJ2ld4j1K3

RqoAnAjhR8Fld9c8gJUIP/BuQ0wx2atT

=oSkz

-----END PGP SIGNATURE-----

_______________________________________________

freebsd-announce@freebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-announce

To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"