Date: Sat, 6 Nov 2004 05:25:39 -0500 From: James <haesu@towardex.com> To: freebsd-net@freebsd.org Subject: ip_fastforward() sanity check.. Message-ID: <20041106102539.GA30766@scylla.towardex.com>
next in thread | raw e-mail | index | archive | help
I seem to have a little concern in one specific early-sanity check in the
ip_fastforward() function of the latest 5.3 code base:
/*
* Is first mbuf large enough for ip header and is header present?
*/
if (m->m_len < sizeof (struct ip) &&
(m = m_pullup(m, sizeof (struct ip))) == 0) {
ipstat.ips_toosmall++;
goto drop;
}
Okay, if m_pullup() returns 0 due to failure, it already called m_freem(m) by
itself. But we have "goto drop;" after that, which is redundant, no?
I don't think this is a bit of issue in IPv4 implementation, but as obviously,
in IPv6 implementation, if calling 'goto drop' or redundant m_freem(m) in case
where m_pullup returns NULL/0, it may crash the kernel rock hard at
m_tag_delete_chain in uipc_mbuf.c (even if you are checking 'if (m) m_freem(m)'
as remains are left over)
If any one has any comments, please let me know. If this is not a concern
please disregard my rant and excuse me for waste of time :)
Thanks,
-J
--
James Jun TowardEX Technologies, Inc.
Technical Lead IPv4 and Native IPv6 Colocation, Bandwidth,
james@towardex.com and Web Hosting Services in the Metro Boston area
cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041106102539.GA30766>