From owner-freebsd-bugs Wed Jul 5 22:44:24 1995 Return-Path: bugs-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA26397 for bugs-outgoing; Wed, 5 Jul 1995 22:44:24 -0700 Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id WAA26383 for ; Wed, 5 Jul 1995 22:44:19 -0700 Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <14767(3)>; Wed, 5 Jul 1995 22:43:33 PDT Received: from localhost by crevenia.parc.xerox.com with SMTP id <49860>; Wed, 5 Jul 1995 22:43:25 -0700 To: bugs@freebsd.org Subject: ipfw 'reject' panics the system Date: Wed, 5 Jul 1995 22:43:22 PDT From: Bill Fenner Message-Id: <95Jul5.224325pdt.49860@crevenia.parc.xerox.com> Sender: bugs-owner@freebsd.org Precedence: bulk I took a glance at the firewall stuff when Michael Butler posted his most recent message saying that using the firewall reject code will panic the machine when a rejected packet comes in. It turns out that the firewall code uses dtom(ip) on a rejected packet, but it's entirely possible that the packet is in a cluster mbuf, on which dtom() doesn't work. I fixed the code to pass the original mbuf along with the ip pointer, and Michael said his panics went away. Can someone (review and) commit these diffs? Thanks, Bill *** ip_input.c.orig Thu Jul 6 00:55:40 1995 --- ip_input.c Thu Jul 6 00:56:19 1995 *************** *** 242,248 **** */ if (ip_fw_chk_ptr!=NULL) ! if (!(*ip_fw_chk_ptr)(ip,m->m_pkthdr.rcvif,ip_fw_chain) ) { goto bad; } --- 242,248 ---- */ if (ip_fw_chk_ptr!=NULL) ! if (!(*ip_fw_chk_ptr)(m,ip,m->m_pkthdr.rcvif,ip_fw_chain) ) { goto bad; } *** ip_fw.c.orig Wed Jul 5 17:47:06 1995 --- ip_fw.c Wed Jul 5 17:47:38 1995 *************** *** 104,110 **** #ifdef IPFIREWALL int ! ip_fw_chk(ip, rif, chain) struct ip *ip; struct ifnet *rif; struct ip_fw *chain; --- 104,111 ---- #ifdef IPFIREWALL int ! ip_fw_chk(m, ip, rif, chain) ! struct mbuf *m; struct ip *ip; struct ifnet *rif; struct ip_fw *chain; *************** *** 115,121 **** struct icmp *icmp = (struct icmp *) ((u_long *) ip + ip->ip_hl); struct ifaddr *ia = NULL, *ia_p; struct in_addr src, dst, ia_i; - struct mbuf *m; u_short src_port = 0, dst_port = 0; u_short f_prt = 0, prt; char notcpsyn = 1; --- 116,121 ---- *************** *** 302,308 **** return TRUE; bad_packet: - m = dtom(ip); if (f != NULL) { /* * Do not ICMP reply to icmp packets....:) or to packets --- 302,307 ---- *** ip_fw.h.orig Wed Jul 5 17:47:11 1995 --- ip_fw.h Wed Jul 5 17:48:03 1995 *************** *** 126,132 **** /* * Function pointers. */ ! extern int (*ip_fw_chk_ptr)(struct ip *,struct ifnet *,struct ip_fw *); extern int (*ip_fw_ctl_ptr)(int,struct mbuf *); extern void (*ip_acct_cnt_ptr)(struct ip *,struct ifnet *,struct ip_fw *,int); --- 126,132 ---- /* * Function pointers. */ ! extern int (*ip_fw_chk_ptr)(struct mbuf *,struct ip *,struct ifnet *,struct ip_fw *); extern int (*ip_fw_ctl_ptr)(int,struct mbuf *); extern void (*ip_acct_cnt_ptr)(struct ip *,struct ifnet *,struct ip_fw *,int); *************** *** 135,141 **** /* * Function definitions. */ ! int ip_fw_chk(struct ip *,struct ifnet *,struct ip_fw *); int ip_fw_ctl(int,struct mbuf *); void ip_acct_cnt(struct ip *,struct ifnet *,struct ip_fw *,int); --- 135,141 ---- /* * Function definitions. */ ! int ip_fw_chk(struct mbuf *,struct ip *,struct ifnet *,struct ip_fw *); int ip_fw_ctl(int,struct mbuf *); void ip_acct_cnt(struct ip *,struct ifnet *,struct ip_fw *,int);