Subject: Re: crashes in ipfilter on i386
To: Darren Reed <darrenr@netbsd.org>
From: Pavel Cahyna <pavel@netbsd.org>
List: tech-net
Date: 09/16/2007 09:48:47
On Sat, Sep 15, 2007 at 07:15:35PM -0700, Darren Reed wrote:
> So I've followed this through ...
> 
> fr_pullup() isn't doing the correct thing.

Try this (untested) patch and see if a message is printed before the
panic.

Index: ip_fil_netbsd.c
===================================================================
RCS file: /cvsroot/src/sys/dist/ipf/netinet/ip_fil_netbsd.c,v
retrieving revision 1.28.2.4
diff -u -p -r1.28.2.4 ip_fil_netbsd.c
--- ip_fil_netbsd.c	16 Jul 2007 11:05:41 -0000	1.28.2.4
+++ ip_fil_netbsd.c	16 Sep 2007 07:48:29 -0000
@@ -1906,6 +1906,9 @@ int len;
 		}
 		ip = MTOD(m, char *) + ipoff;
 	}
+	if (M_LEN(m) < len)
+		printf("fr_pullup malfunction,\n\
+size %d > %d, expect panic soon\n", (int)len, (int)M_LEN(m));
 
 	ATOMIC_INCL(frstats[out].fr_pull[0]);
 	fin->fin_ip = (ip_t *)ip;
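Review bot: The diagnostic string in the added `if (M_LEN(m) < len)` block is split with a backslash-newline continuation, which forces the second half (`size %d > %d, ...`) to start in column 0 and makes the indentation misleading; adjacent string literals concatenate in C, so `printf("fr_pullup malfunction, "` followed by `"size %d > %d, expect panic soon\n", ...)` reads cleaner and avoids the continuation. Also note that the check only prints and then falls through to `fin->fin_ip = (ip_t *)ip;`, so the short mbuf is still used after the message; that is fine for the debugging purpose stated in the mail, but a real fix should fail closed (return without using `ip`) when `M_LEN(m)` is shorter than `len`.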

Pavel