Subject: ipsec4_splithdr still an issue with netbsd-4
To: None <tech-net@netbsd.org>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-net
Date: 04/12/2007 15:00:22

Earlier Emmanuel Dreyfus reported panics with ipsec4_splithdr:

http://mail-index.netbsd.org/tech-net/2006/06/15/0002.html

I have also experienced these.  The following patch against netbsd-4
results in the following output:

ipsec4_splithdr: m->m_len 0 m_length 176 < 20
ipsec4_splithdr: m->m_len 0 m_length 176 < 20

So, it seems that a 0-length mbuf got prepended somehow, and
ipsec4_splithdr assumes this isn't the case.  Probably it should do
m_pullup rather than just asserting.  Thoughts?


--- ipsec.c.~1.110.2.1.~	2007-01-29 15:58:56.000000000 -0500
+++ ipsec.c	2007-04-11 12:38:25.000000000 -0400
@@ -3219,8 +3219,16 @@ ipsec4_splithdr(m)
 	struct ip *ip;
 	int hlen;
 
-	if (m->m_len < sizeof(struct ip))
+	if (m->m_len < sizeof(struct ip)) {
+		/* XXX Print and drop until we understand. */
+		printf("ipsec4_splithdr: m->m_len %d m_length %d < %ld\n",
+		       m->m_len, m_length(m), sizeof(struct ip));
+		m_freem(m);
+		return NULL;
+#if 0
 		panic("ipsec4_splithdr: first mbuf too short");
+#endif
+	}
 	ip = mtod(m, struct ip *);
 	hlen = ip->ip_hl << 2;
 	if (m->m_len > hlen) {
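
Review bot: The new `m->m_len < sizeof(struct ip)` branch frees the packet even though the logged output shows m_length 176, so the chain does hold a complete IP header and only the leading mbuf is empty; valid traffic is dropped here. Calling `m = m_pullup(m, sizeof(struct ip));` in that branch and returning NULL only when it fails would keep the packet and make the `mtod(m, struct ip *)` that follows safe. In the printf, `sizeof(struct ip)` is a size_t passed for `%ld`, which does not match on 32-bit ports; cast the argument to long. The `#if 0` panic now sits after an unconditional `return NULL` and can be deleted rather than left as dead code. Because the function now returns NULL on a path that used to panic, it is worth confirming that every caller checks the return value before using it.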