From owner-freebsd-net  Thu Apr 18  4: 6:21 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mgo.iij.ad.jp (mgo.iij.ad.jp [202.232.15.6])
	by hub.freebsd.org (Postfix) with ESMTP id 3875B37B400
	for <freebsd-net@FreeBSD.ORG>; Thu, 18 Apr 2002 04:06:17 -0700 (PDT)
Received: from ns.iij.ad.jp (ns.iij.ad.jp [192.168.2.8])
	by mgo.iij.ad.jp (8.8.8/MGO1.0) with ESMTP id UAA26087
	for <freebsd-net@FreeBSD.ORG>; Thu, 18 Apr 2002 20:06:16 +0900 (JST)
Received: from localhost (ssh.iij.ad.jp [192.168.2.7]) by ns.iij.ad.jp (8.8.5/3.5Wpl7) with ESMTP id UAA03302; Thu, 18 Apr 2002 20:06:15 +0900 (JST)
Date: Thu, 18 Apr 2002 20:05:50 +0900 (JST)
Message-Id: <20020418.200550.110156595.keiichi@iij.ad.jp>
To: freebsd-net@FreeBSD.ORG
Subject: Re: Questions on ip_output.c's patch for FreeBSD-SA-02:21.tcpip
From: Keiichi SHIMA / =?iso-2022-jp?B?GyRCRWc3RDBsGyhC?= <keiichi@iij.ad.jp>
In-Reply-To: <20020418094722.GG98788@sunbay.com>
References: <200204171923.g3HJNg958905@freefall.freebsd.org>
	<x7vgapxy7o.wl@s30.crl.hitachi.co.jp>
	<20020418094722.GG98788@sunbay.com>
X-Mailer: Mew version 3.0.55 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Hi,

From: Ruslan Ermilov <ru@FreeBSD.ORG>

> I strongly object to this change.  BSD historically didn't allow for
> ip_output() to be called with the NULL route pointer.  I changed this

I don't know the history of BSD, but, if the reason is the history
(that BSD didn't allow NULL route), I agree your fix is the only way.

> in rev. 1.143 in a blind attempt to fix a panic condition I introduced
> in ip_icmp.c,v 1.64.  Unfortunately, this didn't actually fix the
> ip_icmp.c bug but rather _hided_ it.  Many respectful people objected
> to the 1.143 change, including Garrett Wollman, but I didn't realize
> at the time why this was bad.  I since have fixed my mind, and I now
> realize why it's bad.  The details could be found in the commit log
> for ip_output.c,v 1.153.  Hopefully you can follow that.

If the reason is "Prevent icmp_reflect() from calling ip_output() with
a NULL route pointer which will then result in the allocated route's
                                               ~~~~~~~~~~~~~~~~~~~~~
reference count never being decremented.", I think both patches can
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fix this problem.


Regards,

---
Keiichi SHIMA
IIJ Research Laboratory <keiichi@iij.ad.jp>
KAME Project <keiichi@kame.net>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message