Subject: kern/4827: Kernel panic on simple route adds.
To: None <gnats-bugs@gnats.netbsd.org>
From: Joel Lindholm <joel@effnet.se>
List: netbsd-bugs
Date: 01/15/1998 15:03:43
>Number: 4827
>Category: kern
>Synopsis: Kernel panic on simple route adds
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jan 15 06:20:01 1998
>Last-Modified:
>Originator: Joel Lindholm
>Organization:
Efficient Networking AB (EffNet AB)
>Release: 1.3_alpha
>Environment:
System: NetBSD effie 1.3_ALPHA NetBSD 1.3_ALPHA (EFFIE) #4: Sat Nov 22 21:36:43 CET 1997 ragge@effie:/usr/src/sys/arch/i386/compile/EFFIE i386
>Description:
If you manually add a host with a specified gateway, where the host
is located on the same subnet as the gateway, the icmp redirect
reply from the gateway will cause a kernel panic in rtredirect
since the rt_gateway in the rtentry is the same as the rtentry,
and thus will be deleted/freed twice.
>How-To-Repeat:
/* host is on the same subnet as the gateway */
route add host gateway
ping the host (will cause a ICMP redirect from the gateway)
(The kernel will complain about not being able to allocate llinfo.)
route delete host
>Fix:
Either return EINVAL when the host/gateway is equal in rtredirect,
or correctly build a new routing entry which is not a gateway.
Which one is correct?
>Audit-Trail:
>Unformatted: