From owner-freebsd-security  Mon Dec  4 14:28:24 2000
From owner-freebsd-security@FreeBSD.ORG  Mon Dec  4 14:28:22 2000
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from pike.osd.bsdi.com (pike.osd.bsdi.com [204.216.28.222])
	by hub.freebsd.org (Postfix) with ESMTP id E97E637B401
	for <security@FreeBSD.org>; Mon,  4 Dec 2000 14:28:21 -0800 (PST)
Received: from laptop.baldwin.cx (root@dhcp246.osd.bsdi.com [204.216.28.246])
	by pike.osd.bsdi.com (8.11.1/8.9.3) with ESMTP id eB4MRvC18288;
	Mon, 4 Dec 2000 14:27:57 -0800 (PST)
	(envelope-from jhb@FreeBSD.org)
Message-ID: <XFMail.001204142832.jhb@FreeBSD.org>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <20001204155324.J75794@elvis.mu.org>
Date: Mon, 04 Dec 2000 14:28:32 -0800 (PST)
From: John Baldwin <jhb@FreeBSD.org>
To: Bill Fumerola <billf@mu.org>
Subject: Re: ipfw/dummy: memory leak or what?
Cc: security@FreeBSD.org, mouss <usebsd@free.fr>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On 04-Dec-00 Bill Fumerola wrote:
> On Mon, Dec 04, 2000 at 08:48:38PM +0100, mouss wrote:
>> while looking at the ip_input code, and more particularly at the dummy net 
>> stuff
>> in the start, I saw the
>>      m = m->m_next;
>> 
>> given that m is supposed to be freed wen delivered, I don't see when is the 
>> dummy
>> net mbuf (the one containing the rule, and that is skipped by the ->m_next 
>> above)
>> will be freed.
>> Is this a memory leak opprotunity or am I missing something?
> 
> that line of code occurs 1328408120847192384719238128401382 times in the net
> code. you might want to give some context to what you're trying to say.

He said ip_input, and at the start in the dummynet stuff:

The only time m = m->next occurs in ip_input() is here:

void
ip_input(struct mbuf *m)
{
...
#if defined(IPFIREWALL) && defined(DUMMYNET)
        /*
         * dummynet packet are prepended a vestigial mbuf with
         * m_type = MT_DUMMYNET and m_data pointing to the matching
         * rule.
         */
        if (m->m_type == MT_DUMMYNET) {
            rule = (struct ip_fw_chain *)(m->m_data) ;
            m = m->m_next ;
            ip = mtod(m, struct ip *);
            hlen = IP_VHL_HL(ip->ip_vhl) << 2;
            goto iphack ;
        } else
            rule = NULL ;
#endif

Looks like plenty of context to me.  As to the actual question, I'm not a
networking whiz I'm afraid.

-- 

John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message