From: "Bjoern A. Zeeb"
To: Lawrence Stewart
Cc: Andre Oppermann, John Baldwin, net@freebsd.org
Date: Tue, 1 Feb 2011 03:02:06 +0000 (UTC)
Subject: Re: Bogus KASSERT() in tcp_output()?
List-Id: Networking and TCP/IP with FreeBSD

On Tue, 1 Feb 2011, Lawrence Stewart wrote:

> On 02/01/11 04:17, John Baldwin wrote:
>> Somewhat related fallout to the bug reported on security@ recently, I think
>> this KASSERT() in tcp_output() is bogus:
>>
>>
>> 	KASSERT(len + hdrlen + ipoptlen == m_length(m, NULL),
>> 	    ("%s: mbuf chain shorter than expected", __func__));
>>
>> Specifically, just a few lines earlier in tcp_output() we set the packet
>> header length to just 'len + hdrlen':
>>
>> 	/*
>> 	 * Put TCP length in extended header, and then
>> 	 * checksum extended header and data.
>> 	 */
>> 	m->m_pkthdr.len = hdrlen + len; /* in6_cksum() need this */
>>
>> Also, the ipoptions are stored in a separate mbuf chain in the in pcb
>> (inp_options) that is passed as a separate argument to ip_output(). Given
>> that, I would think that m_length() should not reflect ipoptlen since it
>> should not include IP options in that chain?
>>
>
> There is some relevant prior discussion on src-committers@ for r212803
> between Andre and Bjoern.

Yeah and I still have the temporary workaround from
http://p4web.freebsd.org/@@185095?ac=10

I think you are specifically referring to
http://lists.freebsd.org/pipermail/svn-src-head/2010-October/021814.html

I had been pinging people back then, but I am happy to see the discussion
about these TCP changes finally happening now.

I'll have to swap things back in completely - it's been more than three months.
Let me see later today.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
         Going to jail sucks -- All my daemons like it!
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html
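The length check discussed in the quoted message, modelled in user space as an added example that is not part of the original thread or of the FreeBSD source. `struct toy_mbuf`, `toy_m_length()`, the two `check_*` helpers and all byte counts are hypothetical stand-ins constructed for illustration; the model assumes, as the quoted message describes, that IP options sit in a chain separate from the segment chain.

```c
#include <stddef.h>
#include <stdio.h>
/* Toy user-space stand-in for a kernel mbuf: only the fields this model needs. */
struct toy_mbuf {
    struct toy_mbuf *m_next;  /* next buffer in the same chain */
    unsigned int     m_len;   /* bytes of data held in this buffer */
};

/* Walk one chain and total its data, as the quoted m_length(m, NULL) call does. */
static unsigned int toy_m_length(const struct toy_mbuf *m)
{
    unsigned int total = 0;
    for (; m != NULL; m = m->m_next)
        total += m->m_len;
    return total;
}

/* The check as quoted: counts the option bytes as part of the segment chain. */
static int check_with_ipoptlen(const struct toy_mbuf *m, unsigned int len,
                               unsigned int hdrlen, unsigned int ipoptlen)
{
    return len + hdrlen + ipoptlen == toy_m_length(m);
}

/* Alternative check: compares only what was placed in the segment chain. */
static int check_without_ipoptlen(const struct toy_mbuf *m, unsigned int len,
                                  unsigned int hdrlen)
{
    return len + hdrlen == toy_m_length(m);
}

/* Constructed case: 40 header + 100 payload bytes in one chain, 8 option bytes in another. */
static void build_case(struct toy_mbuf *hdr, struct toy_mbuf *data,
                       struct toy_mbuf *opts)
{
    data->m_next = NULL; data->m_len = 100;
    hdr->m_next = data;  hdr->m_len = 40;
    opts->m_next = NULL; opts->m_len = 8;
}

int main(void)
{
    struct toy_mbuf hdr, data, opts;
    build_case(&hdr, &data, &opts);
    printf("with ipoptlen:    %d\n", check_with_ipoptlen(&hdr, 100, 40, toy_m_length(&opts)));
    printf("without ipoptlen: %d\n", check_without_ipoptlen(&hdr, 100, 40));
    printf("no options set:   %d\n", check_with_ipoptlen(&hdr, 100, 40, 0));
    return 0;
}
```

In this model the two checks agree whenever the option length is zero, so a mismatch of this kind would only surface on connections that actually have options set.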