Date: Mon, 04 Dec 2000 14:28:32 -0800 (PST) From: John Baldwin <jhb@FreeBSD.org> To: Bill Fumerola <billf@mu.org> Cc: security@FreeBSD.org, mouss <usebsd@free.fr> Subject: Re: ipfw/dummy: memory leak or what? Message-ID: <XFMail.001204142832.jhb@FreeBSD.org> In-Reply-To: <20001204155324.J75794@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04-Dec-00 Bill Fumerola wrote:
> On Mon, Dec 04, 2000 at 08:48:38PM +0100, mouss wrote:
>> while looking at the ip_input code, and more particularly at the dummy net
>> stuff
>> in the start, I saw the
>> m = m->m_next;
>>
>> given that m is supposed to be freed wen delivered, I don't see when is the
>> dummy
>> net mbuf (the one containing the rule, and that is skipped by the ->m_next
>> above)
>> will be freed.
>> Is this a memory leak opprotunity or am I missing something?
>
> that line of code occurs 1328408120847192384719238128401382 times in the net
> code. you might want to give some context to what you're trying to say.
He said ip_input, and at the start in the dummynet stuff:
The only time m = m->next occurs in ip_input() is here:
void
ip_input(struct mbuf *m)
{
...
#if defined(IPFIREWALL) && defined(DUMMYNET)
/*
* dummynet packet are prepended a vestigial mbuf with
* m_type = MT_DUMMYNET and m_data pointing to the matching
* rule.
*/
if (m->m_type == MT_DUMMYNET) {
rule = (struct ip_fw_chain *)(m->m_data) ;
m = m->m_next ;
ip = mtod(m, struct ip *);
hlen = IP_VHL_HL(ip->ip_vhl) << 2;
goto iphack ;
} else
rule = NULL ;
#endif
Looks like plenty of context to me. As to the actual question, I'm not a
networking whiz I'm afraid.
--
John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.001204142832.jhb>