Date: Thu, 7 Mar 2002 05:26:18 -0800 (PST) From: David Hedley <david@inty.net> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/35631: SKIP and IPSEC together cause kernel panic Message-ID: <200203071326.g27DQIg54785@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 35631
>Category: ports
>Synopsis: SKIP and IPSEC together cause kernel panic
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 07 05:30:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: David Hedley
>Release: 4.4-RELEASE
>Organization:
intY Ltd
>Environment:
FreeBSD eddy.hq.inty.net 4.4-RELEASE FreeBSD 4.4-RELEASE #4: Sun Sep 23 15:04:33 BST 2001 david@garth.hq.inty.net:/usr/src/sys/compile/GENERIC i386
>Description:
Running both IPSEC and SKIP packets through the same interface causes a kernel panic.
>How-To-Repeat:
Run both SKIP and IPSEC traffic through the same network interface
>Fix:
Packets decrypted by IPSEC have a NULL receive interface. When an IPSEC-decrypted packet enters SKIP for processing it checks to see if SKIP is enabled on the receive interface. This causes a NULL pointer derefence and a kernel panic
A simple fix to the SKIP port is required:
diff -c -r1.1 skip_es.c
*** skip_es.c 2001/01/30 09:08:46 1.1
--- skip_es.c 2002/03/07 13:18:30
***************
*** 1517,1523 ****
panic("skip_ifinput: mtod returned NULL!");
}
! if (!SKIP_IF(ifp)) {
/*
* SKIP not present on this interface, pass the packet
*/
--- 1517,1523 ----
panic("skip_ifinput: mtod returned NULL!");
}
! if (!ifp || !SKIP_IF(ifp)) {
/*
* SKIP not present on this interface, pass the packet
*/
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203071326.g27DQIg54785>