From owner-freebsd-net Tue Oct 10 17:53:41 2000
Delivered-To: freebsd-net@freebsd.org
Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184]) by hub.freebsd.org (Postfix) with ESMTP id 3A59E37B66C; Tue, 10 Oct 2000 17:53:37 -0700 (PDT)
Received: (from luigi@localhost) by info.iet.unipi.it (8.9.3/8.9.3) id CAA85156; Wed, 11 Oct 2000 02:53:34 +0200 (CEST) (envelope-from luigi)
From: Luigi Rizzo
Message-Id: <200010110053.CAA85156@info.iet.unipi.it>
Subject: Re: ip_input.c patch
In-Reply-To: <200010102202.e9AM2L538821@bubba.whistle.com> from Archie Cobbs at "Oct 10, 2000 03:02:21 pm"
To: Archie Cobbs
Date: Wed, 11 Oct 2000 02:53:34 +0200 (CEST)
Cc: bmilekic@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Bosko (and anyone else..),
>
> Does this patch look appropriate to you?

wouldn't it be better to just avoid the problem in the first place by removing the conversion to host format and fixing the rest of the code to handle things in net format?

cheers
luigi

> Thanks,
> -Archie
>
> ___________________________________________________________________________
> Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
>
> Index: ip_input.c > =================================================================== > RCS file: /home/ncvs/src/sys/netinet/ip_input.c,v > retrieving revision 1.141 > diff -u -r1.141 ip_input.c > --- ip_input.c 2000/09/14 21:06:48 1.141 > +++ ip_input.c 2000/10/10 21:58:46 
> @@ -338,15 +338,23 @@ > goto bad; > } > > +#if BYTE_ORDER != BIG_ENDIAN > /* > - * Convert fields to host representation. > + * Convert fields to host representation. But first make > + * sure we don't write into a multiply-referenced mbuf. > */ > + if ((m->m_flags & M_EXT) != 0 && MEXT_IS_REF(m) > + && (m = m_pullup(m, sizeof(*ip))) == NULL) { > + ipstat.ips_badhlen++; > + return; > + } > NTOHS(ip->ip_len); > + NTOHS(ip->ip_off); > +#endif /* !BIG_ENDIAN */ > if (ip->ip_len < hlen) { > ipstat.ips_badlen++; > goto bad; > } > - NTOHS(ip->ip_off); > > /* > * Check that the amount of data in the buffers > @@ -599,7 +607,7 @@ > * Reassembly should be able to treat a mbuf cluster, for later > * operation of contiguous protocol headers on the cluster. (KAME) > */ > - if (m->m_flags & M_EXT) { /* XXX */ > + if ((m->m_flags & M_EXT) != 0 && MEXT_IS_REF(m)) { > if ((m = m_pullup(m, hlen)) == 0) { > ipstat.ips_toosmall++; > #ifdef IPFIREWALL_FORWARD > @@ -688,6 +696,14 @@ > #ifdef IPDIVERT > /* Restore original checksum before diverting packet */ > if (divert_info != 0) { > + /* Don't overwrite multiply-referenced mbuf */ > + if ((m->m_flags & M_EXT) != 0 && MEXT_IS_REF(m) > + && (m = m_pullup(m, sizeof(*ip))) == NULL) { > +#ifdef IPFIREWALL_FORWARD > + ip_fw_fwd_addr = NULL; > +#endif > + return; > + } > ip->ip_len += hlen; > HTONS(ip->ip_len); > HTONS(ip->ip_off); 
> @@ -717,6 +733,15 @@ > /* Clone packet if we're doing a 'tee' */ > if ((divert_info & IP_FW_PORT_TEE_FLAG) != 0) > clone = m_dup(m, M_DONTWAIT); > + > + /* Don't overwrite multiply-referenced mbuf */ > + if ((m->m_flags & M_EXT) != 0 && MEXT_IS_REF(m) > + && (m = m_pullup(m, sizeof(*ip))) == NULL) { > +#ifdef IPFIREWALL_FORWARD > + ip_fw_fwd_addr = NULL; > +#endif > + return; > + } > > /* Restore packet header fields to original values */ > ip->ip_len += hlen; > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message
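
Review bot: in the first hunk (@@ -338,15 +338,23 @@), ip is not reloaded after m = m_pullup(m, sizeof(*ip)), so the NTOHS(ip->ip_len) and NTOHS(ip->ip_off) that follow still go through the pointer taken before the pullup. m_pullup can hand back a different mbuf, in which case those writes land in the old storage the block was meant to protect; add ip = mtod(m, struct ip *); right after the block. The failure path also counts an allocation failure as ips_badhlen, while the existing pullup failure in the @@ -599,7 +607,7 @@ hunk counts ips_toosmall; pick one counter for this condition.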
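
Review bot: in the reassembly hunk (@@ -599,7 +607,7 @@), the comment above the test still gives the reason for the pullup as letting reassembly treat an mbuf cluster, yet the condition now fires only when MEXT_IS_REF(m) is true, so an unshared cluster skips the m_pullup(m, hlen) it used to get. Please confirm reassembly copes with the header left in an unshared cluster, and update the comment to say that the pullup now exists only to avoid writing into shared storage. The dropped /* XXX */ marker deserves a word in the commit message as well.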
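
Review bot: in the divert hunk (@@ -688,6 +696,14 @@), the new failure path returns without bumping any ipstat counter, unlike the other pullup failures in this patch, so packets dropped here would not show up in the statistics; count them the same way as the other sites. ip also has to be reloaded from the new m before ip->ip_len += hlen, HTONS(ip->ip_len) and HTONS(ip->ip_off). Since the same M_EXT / MEXT_IS_REF / m_pullup test now appears at several places, a small macro or helper that does the test, the pullup and the ip reload together would keep them from drifting apart.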
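
Review bot: in the tee hunk (@@ -717,6 +733,15 @@), the new block sits after clone = m_dup(m, M_DONTWAIT), so when m_pullup fails the early return leaves a clone that was just allocated unfreed. Either do the pullup before the m_dup call, or m_freem(clone) on that path when clone is set. As in the other hunks, ip needs to be reloaded from the new m before ip->ip_len += hlen.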