Subject: Re: bugs caused by M_LEADINGSPACE() semantic change
To: None <itojun@iijlab.net>
From: Jason R Thorpe <thorpej@wasabisystems.com>
List: tech-net
Date: 11/07/2002 18:26:09

On Fri, Nov 08, 2002 at 11:14:06AM +0900, itojun@iijlab.net wrote:

 > >Modified Files:
 > >	syssrc/sys/netinet: raw_ip.c
 > >
 > >Log Message:
 > >In the IP_HDRINCL case of rip_output(), if the mbuf is read-only
 > >then copy the header into a new mbuf before modifying it.
 > >
 > >Fixes PR 18809.  Thanks to Chuq Silvers for diagnosing it.
 > 
 > 	I guess we should modify M_PREPEND() to make sure the new portion
 > 	is read/write.  How does it sound?

That wasn't the problem.  M_PREPEND() does, in fact, do a read/write
check, because it uses M_LEADINGSPACE(), which uses M_READONLY().

Besides, M_PREPEND() is only used in the non-IP_HDRINCL case.  That
case works fine.

The problem was the IP_HDRINCL case, which does NOT use M_PREPEND().
Instead, since the header is already there (no need to prepend it),
it just put ip_len and ip_off in network order, and set ip_id.  Those
modifications of the buffer need to be protected with an M_READONLY()
check, which is what I added.

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>
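
A simplified userland C model of the check described in the message above, added here as an illustration. It is not NetBSD kernel code or code from the thread, and every type and function name in it (`struct buf`, `struct pkt`, `struct hdr`, `pkt_readonly`, `pkt_leadingspace`, `hdr_fixup`) is a hypothetical stand-in; treating storage as read-only when it has more than one reference is the model's assumption.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified userland model (all names hypothetical), not NetBSD's mbuf code. */
struct buf { int refs; uint8_t data[64]; };     /* storage, possibly shared */
struct pkt { struct buf *b; size_t off, len; }; /* one reference to it */
struct hdr { uint16_t len, id, off; };          /* stand-in for ip_len, ip_id, ip_off */

/* Storage with more than one reference must not be written through. */
static int pkt_readonly(const struct pkt *p) { return p->b->refs > 1; }

/* Reports no leading space on read-only storage, so a prepend built on
 * this check never writes into shared data. */
static size_t pkt_leadingspace(const struct pkt *p) {
    return pkt_readonly(p) ? 0 : p->off;
}

/* Fix up a caller-supplied header in place. On shared storage, move the
 * packet to private storage first (the model copies the whole packet for
 * brevity). Returns 0 on success, -1 on error. */
static int hdr_fixup(struct pkt *p, uint16_t id) {
    struct hdr h;
    if (p->len < sizeof h || p->off + p->len > sizeof p->b->data) return -1;
    if (pkt_readonly(p)) {
        struct buf *nb = calloc(1, sizeof *nb);
        if (nb == NULL) return -1;
        memcpy(nb->data, p->b->data + p->off, p->len);
        nb->refs = 1;
        p->b->refs--;           /* drop our reference to the shared storage */
        p->b = nb;
        p->off = 0;
    }
    memcpy(&h, p->b->data + p->off, sizeof h);
    h.len = htons(h.len);       /* length and offset go to network order */
    h.off = htons(h.off);
    h.id = id;
    memcpy(p->b->data + p->off, &h, sizeof h);
    return 0;
}

int main(void) {
    struct buf *s = calloc(1, sizeof *s);
    if (s == NULL) return 1;
    s->refs = 2;                /* constructed case: two packets share s */
    struct pkt a = { s, 8, 20 };
    return hdr_fixup(&a, 7) != 0 || a.b == s || pkt_leadingspace(&a) != 0;
}
```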