From: JINMEI Tatuya
Date: Thu, 18 Apr 2002 23:23:09 +0900
To: Ruslan Ermilov
Cc: SUZUKI Shinsuke, Garrett Wollman, jayanth@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject: Re: Questions on ip_output.c's patch for FreeBSD-SA-02:21.tcpip

>>>>> On Thu, 18 Apr 2002 12:47:22 +0300,
>>>>> Ruslan Ermilov said:

>> KAME rewrote the attached patch to improve this point:
>>   - This memory leak is fixed, of course:-)
>>     (at least I confirmed on 5-current).
>>   - Non-NULL rtentry for ip_output() is still accepted. So only a
>>     patch in ip_output.c is enough.
>>
>> Could you please correct me if I'm wrong, or consider adopting this
>> patch?
>> (it's a patch for 5-current, but it's not so difficult to modify it for
>> 4-stable and 4.5-release branch)

> I strongly object to this change. BSD historically didn't allow for
> ip_output() to be called with the NULL route pointer. I changed this

I'm not sure what you meant by "BSD" and "historically" here, but
please let me point out that this behavior is specific to FreeBSD. At
least BSD-4.4 Lite2 allows for ip_output to take the NULL route
pointer (see the rev. 1.1.1.1. for FreeBSD). Additionally, BSD/OS,
NetBSD, and OpenBSD still allow the case. FreeBSD prohibited the NULL
route pointer argument for ip_output at the change from 1.34 to 1.35
(6 years ago, so I admit we could say this "historically").

> in rev. 1.143 in a blind attempt to fix a panic condition I introduced
> in ip_icmp.c,v 1.64. Unfortunately, this didn't actually fix the
> ip_icmp.c bug but rather _hided_ it. Many respectful people objected
> to the 1.143 change, including Garrett Wollman, but I didn't realize
> at the time why this was bad. I since have fixed my mind, and I now
> realize why it's bad. The details could be found in the commit log
> for ip_output.c,v 1.153. Hopefully you can follow that.

We understood the issue, but when we proposed the other fix (from suz)
we did not realize that the "iproute" local variable was "re-"enabled
in 1.143, and thought that this was an IPsec issue.

Since FreeBSD has been able to live with the code disabling the NULL
iproute for ip_output (and requiring all callers to pass a non NULL
argument) for 6 years, I agree that the proposed fix in the advisory
is natural for FreeBSD.

The only concern that I think of is that we may see kernel panic when
porting code that calls ip_output() from other BSDs, since the others
may pass the NULL pointer to ip_output(). But, perhaps this issue has
already been discussed and thus the current code...

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp