From owner-freebsd-hackers Wed Dec 11 17: 2:48 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 07AAD37B401 for ; Wed, 11 Dec 2002 17:02:47 -0800 (PST) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7FF4B43E4A for ; Wed, 11 Dec 2002 17:02:46 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.3/8.12.3) with ESMTP id gBC12RTO080783; Wed, 11 Dec 2002 17:02:27 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.3/8.12.3/Submit) id gBC12Rha080782; Wed, 11 Dec 2002 17:02:27 -0800 (PST) (envelope-from rizzo) Date: Wed, 11 Dec 2002 17:02:27 -0800 From: Luigi Rizzo To: Ian Dowse Cc: Alexander Langer , Patrick Soltani , freebsd-hackers@FreeBSD.ORG Subject: Re: panic: icmp_error: bad length Message-ID: <20021211170227.A79864@xorpc.icir.org> References: <20021211233246.GR64335@fump.kawo2.rwth-aachen.de> <200212120054.aa55340@salmon.maths.tcd.ie> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200212120054.aa55340@salmon.maths.tcd.ie>; from iedowse@maths.tcd.ie on Thu, Dec 12, 2002 at 12:54:48AM +0000 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG the diagnosis looks reasonable, though i do not remember changing anything related to this between 4.6 and 4.7 so i wonder why the error did not appear in earlier versions of the code. icmp_error() consumes the mbuf so i believe it is ok to scramble it but one should double check. Note that NTOHS() seem to be deprecated in favour of the function version of the same cheers luigi On Thu, Dec 12, 2002 at 12:54:48AM +0000, Ian Dowse wrote: > In message <20021211233246.GR64335@fump.kawo2.rwth-aachen.de>, Alexander Langer > writes: > >Yeah, same situation here. 4.6 used to work w/o problem, 4.7 doesn't. > > Great, thanks for the debugging info. The bug seems to be that > icmp_error() requires that the IP header fields are in host order, > but when it is called on a briged packet by the IPFW code, this is > not the case. Something like the patch below (untested) should fix > the IPFW1 case. A similar change is needed for IPFW2. > > Luigi: does this look reasonable? I'm not familiour enough with the > IPFW code to know if it is OK to modify the mbuf like this. If not > then it needs to be copied first like ip_forward() does, making > sure that the IP header does not end up in a shared cluster. > > Ian > > Index: ip_fw.c > =================================================================== > RCS file: /home/iedowse/CVS/src/sys/netinet/ip_fw.c,v > retrieving revision 1.131.2.38 > diff -u -r1.131.2.38 ip_fw.c > --- ip_fw.c 21 Nov 2002 01:27:30 -0000 1.131.2.38 > +++ ip_fw.c 12 Dec 2002 00:43:22 -0000 > @@ -1573,6 +1573,11 @@ > break; > } > default: /* Send an ICMP unreachable using code */ > + /* Must convert to host order for icmp_error(). */ > + if (BRIDGED) { > + NTOHS(ip->ip_len); > + NTOHS(ip->ip_off); > + } > icmp_error(*m, ICMP_UNREACH, > f->fw_reject_code, 0L, 0); > *m = NULL; > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message