From owner-freebsd-bugs Thu Jul 6 00:52:21 1995 Return-Path: bugs-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id AAA09441 for bugs-outgoing; Thu, 6 Jul 1995 00:52:21 -0700 Received: from Root.COM (implode.Root.COM [198.145.90.1]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id AAA09435 for ; Thu, 6 Jul 1995 00:52:20 -0700 Received: from corbin.Root.COM (corbin [198.145.90.18]) by Root.COM (8.6.11/8.6.5) with ESMTP id AAA00479; Thu, 6 Jul 1995 00:52:09 -0700 Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.11/8.6.5) with SMTP id AAA02233; Thu, 6 Jul 1995 00:52:49 -0700 Message-Id: <199507060752.AAA02233@corbin.Root.COM> To: Mike Pritchard cc: fenner@parc.xerox.com (Bill Fenner), bugs@freebsd.org Subject: Re: ipfw 'reject' panics the system In-reply-to: Your message of "Thu, 06 Jul 95 02:28:30 CDT." <199507060728.CAA03114@mpp.com> From: David Greenman Reply-To: davidg@Root.COM Date: Thu, 06 Jul 1995 00:52:48 -0700 Sender: bugs-owner@freebsd.org Precedence: bulk >> I took a glance at the firewall stuff when Michael Butler posted his most >> recent message saying that using the firewall reject code will panic the >> machine when a rejected packet comes in. It turns out that the firewall >> code uses dtom(ip) on a rejected packet, but it's entirely possible that >> the packet is in a cluster mbuf, on which dtom() doesn't work. I fixed >> the code to pass the original mbuf along with the ip pointer, and Michael >> said his panics went away. >> >> Can someone (review and) commit these diffs? >> >> Thanks, >> >> Bill >> >>...patches deleted... ... >After a quick look, it seems like dtom() should do the right thing, >since the ipfw code is passed a pointer from mtod(), which should >be the reverse of dtom(). If it isn't, then we probably have bigger >things to worry about. Bill is correct; dtom() can't convert the address of an mbuf cluster. The address the mtod() returns is simply the beginning of a 2k chunk of memory and has no "mbuf" structure. Trying to free such a thing would have quite undesirable effects. >If we have problems with freeing individual mbufs that are part >of mbuf clusters, then I would expect to see out of memory problems/many >more problems. Again, this may be the case, but on my setup is isn't. Not really. The ipfw code is doing something that shouldn't be done, and that is that it tries to free an mbuf whose pointer was gotten from some funky dtom(mtod()) equivilent. Other code in the kernel doesn't do this. The correct solution is to pass the mbuf pointer around and never use dtom(). I didn't see Bill's original message+diffs...Would you send me a copy, Bill? -DG