DragonFly submit List (threaded) for 2008-10
DragonFly BSD
DragonFly submit List (threaded) for 2008-10
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: fix ip_input m_len assertion


From: "Sepherosa Ziehau" <sepherosa@xxxxxxxxx>
Date: Tue, 28 Oct 2008 10:35:59 +0800

On Tue, Oct 28, 2008 at 1:35 AM, Nicolas Thery <nthery@gmail.com> wrote:
> 2008/10/27 Sepherosa Ziehau <sepherosa@gmail.com>:
>> Hi all,
>>
>> Following patch fixes:
>> - The assertion in ip_input, should test sizeof(struct ip) instead of sizeof(ip)
>> - Make sure that ip_input's precondition meets in ip_localforward
>> - Don't allow raw ip socket to send ip packet whose header length is
>> less than the minimum
>>
>> http://leaf.dragonflybsd.org/~sephe/ip_assert.diff
>>
>> Please test/review.
>
> The diff looks fine to me  (but I don't know much about networking).
>
> Out of curiosity in ip_localforward(), how can the packet be freed
> while we are trying to forward it?
>
> +                               /* The packet was freed; we are done */

Above comment is in following code block:
+		if (m->m_len < hlen) {
+			m = m_pullup(m, hlen);
+			if (m == NULL) {
+				/* The packet was freed; we are done */
+				return 1;
+			}
+		}

If m_pullup failed ('m' is freed), then we lost the mbuf, so we could
not return 0 to let ip_output keep going.

Best Regards,
sephe

-- 
Live Free or Die



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]