Subject: Re: kern/34994: hang during a ping6 on tap
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: DEGROOTE Arnaud <degroote@enseirb.fr>
List: netbsd-bugs
Date: 11/07/2006 21:20:02
The following reply was made to PR kern/34994; it has been noted by GNATS.

From: DEGROOTE Arnaud <degroote@enseirb.fr>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/34994: hang during a ping6 on tap
Date: Tue, 7 Nov 2006 21:01:17 +0100

 I have worked a bit on the problem. The issue comes from the 1.120 commit
 in icmp6.c. In the new way, nothing assures us that the icmp6_hdr is in the
 same mbuf as the ip6_hdr. So in some cases, nicmp6 doesn't point to the
 real icmp6_hdr. A proposal which can solve the issue (tested):
 
 --- icmp6.c     30 Sep 2006 22:53:35 -0000      1.3
 +++ icmp6.c     6 Nov 2006 23:29:32 -0000
 @@ -622,8 +622,7 @@
                         }
                         m_freem(n0);
                 }
 -               nip6 = mtod(n, struct ip6_hdr *);
 -               nicmp6 = (struct icmp6_hdr *)((caddr_t)nip6 + off);
 +           IP6_EXTHDR_GET(nicmp6,struct icmp6_hdr *, n, off,
 sizeof(*nicmp6));
                 nicmp6->icmp6_type = ICMP6_ECHO_REPLY;
                 nicmp6->icmp6_code = 0;
                 if (n) {
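
Review bot: the result of IP6_EXTHDR_GET is dereferenced on the very next lines (nicmp6->icmp6_type, nicmp6->icmp6_code) with no NULL check, and the existing "if (n) {" test only comes after those writes. When the underlying pulldown fails, IP6_EXTHDR_GET sets its first argument to NULL and also sets the mbuf argument (n here) to NULL, so a reply built from a chain that cannot be made contiguous would turn into a NULL dereference in the ICMPv6 input path. Suggest testing nicmp6 (or n) immediately after the macro and skipping the two assignments on failure, for example by moving them inside the "if (n) {" block. Minor style point: the added line is indented differently from the surrounding code and is missing a space after the first comma.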
 
 Take care.
 
 -- 
 Degroote Arnaud
 ENSEIRB Informatique
 degroote@enseirb.fr