From owner-freebsd-net@freebsd.org Sat Jul 22 19:38:30 2017 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F2ADEDABB66 for ; Sat, 22 Jul 2017 19:38:30 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward4h.cmail.yandex.net (forward4h.cmail.yandex.net [IPv6:2a02:6b8:0:f35::111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AEEF163406 for ; Sat, 22 Jul 2017 19:38:30 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from smtp4o.mail.yandex.net (smtp4o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::28]) by forward4h.cmail.yandex.net (Yandex) with ESMTP id D58A2209DD; Sat, 22 Jul 2017 22:38:17 +0300 (MSK) Received: from smtp4o.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp4o.mail.yandex.net (Yandex) with ESMTP id 22B4B6C00E2D; Sat, 22 Jul 2017 22:38:16 +0300 (MSK) Received: by smtp4o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 9qceBd2ZGb-cFkieg55; Sat, 22 Jul 2017 22:38:15 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1500752296; bh=7w8R3WMXxi4Z145ULMaVgewLNNtXZKISwaOKlFr1z18=; h=Subject:To:References:Cc:From:Message-ID:Date:In-Reply-To; b=oqV3+UFuL7n1cV/v7Takqadp0gmzkzQtUEd4d5Gocfbh3Cx4rHzx8VOL/I5HXD3Ct BD+885YYhhCeGODDM3uLjCx16n3S169xPUxwQwZD3Er9VFfSaRev4Y8w0G549EXRHB /NYPfS/kmlYstbc8r2B1a3QX+NrHNfvJk+qaDFnY= Authentication-Results: smtp4o.mail.yandex.net; dkim=pass header.i=@yandex.ru X-Yandex-Suid-Status: 1 0,1 0 Subject: Re: mbuf clusters leak in netinet6 To: Daniel Bilik References: <20170721232112.82f6e78b76057312183be937@neosystem.cz> <5dadd0d0-d5ce-3a2c-7ad6-1c0a39a4a0e7@yandex.ru> <20170722155157.b29206752f49422e40e58c5d@neosystem.cz> Cc: freebsd-net@freebsd.org From: "Andrey V. Elsukov" Message-ID: Date: Sat, 22 Jul 2017 22:38:13 +0300 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 MIME-Version: 1.0 In-Reply-To: <20170722155157.b29206752f49422e40e58c5d@neosystem.cz> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Jul 2017 19:38:31 -0000 22.07.17 16:51, Daniel Bilik пишет: > On Sat, 22 Jul 2017 12:11:31 +0300 > "Andrey V. Elsukov" wrote: > >> Freeing mbuf is under pfil hook responsibility, if it returns nonzero >> value it must call m_freem(). So, it is bug in the ndpacket.c. > > Ah, thanks for clarifying this. It was quite unclear to me, because at > other place I've seen m_freem() is called after non-zero pfil_run_hooks() > result. [1] > > Nevertheless, I've patched and tested ndproxy as you suggested, and it > works fine, with no mbuf leaks. Pull request created. [2] This is because the "drop" label is shared between several places. Usually pfil hook does m_freem() and sets mbuf pointer to NULL. Check ip_output() or ip6_output(), also ipfw's pfil hook implementation: https://svnweb.freebsd.org/base/head/sys/netpfil/ipfw/ip_fw_pfil.c?annotate=308237#l295 -- WBR, Andrey V. Elsukov