Date: Thu, 13 Dec 2001 22:36:51 +0300 From: Yar Tikhiy <yar@freebsd.org> To: hackers@freebsd.org, net@freebsd.org Subject: Solution for an IPFIREWALL_FORWARD panic? Message-ID: <20011213223651.A2089@comp.chem.msu.su>
next in thread | raw e-mail | index | archive | help
Hello everybody, A kernel panic has been observed in both branches under the following conditions: o ipfw is configured with a "fwd" rule for outgoing packets that will match some RIP datagrams o GateD is started with RIP enabled and consequently sends a broadcast UDP datagram that matches the "fwd" rule The panic happens there (the source file is sys/netinet/ip_output.c; quoted as to rev. 1.99.2.21): 740 if (ro_fwd->ro_rt->rt_flags & RTF_HOST) 741 isbroadcast = 742 (ro_fwd->ro_rt->rt_flags & RTF_BROADCAST); 743 else 744 isbroadcast = in_broadcast(dst->sin_addr, ifp); 745 RTFREE(ro->ro_rt); ^^^^^^^^^^^^^^^^^^^^^^^ 746 ro->ro_rt = ro_fwd->ro_rt; 747 dst = (struct sockaddr_in *)&ro_fwd->ro_dst; ro->ro_rt is NULL, which causes the panic. As far as I understand the ip_output() code, ro->ro_rt being NULL at that point is actually all right, so to solve the problem, the code just must be changed as follows: < RTFREE(ro->ro_rt); -- > if (ro->ro_rt) > RTFREE(ro->ro_rt); Am I right? Or ro->ro_rt should not be NULL there at all and the actual bug hides somewhere else? -- Yar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011213223651.A2089>