Date:      Tue, 04 Apr 2000 14:59:24 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Gary Jennejohn <garyj@muc.de>
Cc:        Maxim Sobolev <sobomax@altavista.net>, current@FreeBSD.ORG, brian@FreeBSD.ORG, brian@hak.lan.Awfulhak.org
Subject:   Re: PPP segfaulting 
Message-ID:  <200004041359.OAA04021@hak.lan.Awfulhak.org>
In-Reply-To: Message from Gary Jennejohn <garyj@peedub.muc.de>  of "Tue, 04 Apr 2000 11:01:32 +0200." <200004040901.LAA26278@peedub.muc.de> 

Sorry, I should have done more than a few greps when reviewing this.  
The slcompress code is diving into the TCP header that comes after 
the IP header....  There's some nasty stuff going on here between 
vjcomp.c and slcompress.c - namely, the pointer passed into 
sl_uncompress_tcp is expected to have MAX_HDR bytes preceding it 
(for compressed packets) and slcs_u::csu_ip therefore needs to be 
more than just an IP header.

> Maxim Sobolev writes:
> >Hi,
> >
> >The ppp built from the just cvsup'ed -current sources is segfaulting. Following is the
> >backtrace. Please contact me if some additional debugging info will be
> >necessary.
> >
> >-Maxim
> >
> >PPP ON vega>
> >Program received signal SIGSEGV, Segmentation fault.
> >0x806e98e in sl_compress_tcp (m=0x809e000, ip=0x809e01c, comp=0x808583c,
> >    slstat=0x808900c, compress_cid=0) at slcompress.c:177
> >177       if (ip->ip_src.s_addr != cs->cs_ip.ip_src.s_addr ||
> >(gdb) bt
> >#0  0x806e98e in sl_compress_tcp (m=0x809e000, ip=0x809e01c, comp=0x808583c,
> >    slstat=0x808900c, compress_cid=0) at slcompress.c:177
> >#1  0x8071f70 in vj_LayerPush (bundle=0x80853a0, l=0x8093000, bp=0x809e000,
> >    pri=0, proto=0xbfbff41e) at vjcomp.c:73
> >#2  0x8064e0f in link_PushPacket (l=0x8093000, bp=0x809e000, b=0x80853a0,
> >    pri=0, proto=33) at link.c:225
> >#3  0x805fe46 in ip_PushPacket (l=0x8093000, bundle=0x80853a0) at ip.c:733
> >#4  0x804bf5e in bundle_FillQueues (bundle=0x80853a0) at bundle.c:414
> >#5  0x804bfc7 in bundle_UpdateSet (d=0x80853a0, r=0xbfbff5e8, w=0xbfbff568,
> >    e=0xbfbff4e8, n=0xbfbff4e0) at bundle.c:437
> >#6  0x80670af in DoLoop (bundle=0x80853a0) at main.c:517
> >#7  0x8067028 in main (argc=2, argv=0xbfbff804) at main.c:495
> >#8  0x804a85d in _start ()
> >
> 
> Sorry, it looks like removing csu_hdr wasn't such a good idea after all.
> Apparently the m_pullup of the mbuf makes it necessary to have at least
> 128 bytes available in cspace. My bad :( I'll back out my changes.
> 
> Try this patch, which basically reverts my modification:
> 
> --- /usr/src/usr.sbin/ppp/slcompress.h.orig	Tue Apr  4 10:48:59 2000
> +++ /u8/tmp/src/usr.sbin/ppp/slcompress.h	Sat Aug 28 03:18:44 1999
> @@ -16,7 +16,7 @@
>   * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
>   * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
>   *
> - * $FreeBSD: src/usr.sbin/ppp/slcompress.h,v 1.14 2000/04/03 19:54:33 gj Exp $
> + * $FreeBSD: src/usr.sbin/ppp/slcompress.h,v 1.13 1999/08/28 01:18:44 peter Exp $
>   *
>   *	Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989:
>   *	- Initial distribution.
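Review bot: the `$FreeBSD$` line changed in this hunk is a CVS keyword, so hand-pasting the 1.13 expansion back in is harmless to `patch` but misleading; a commit that backs out 1.14 will get its own revision on keyword expansion, and the hunk could be dropped. Note also that the file headers are reversed (the `---` side is the current `.orig` from 1.14, the `+++` side is the Aug 1999 file), so the `+` lines in the hunks below are the restored code, not new code.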
> @@ -102,8 +102,14 @@
>    u_short cs_hlen;		/* size of hdr (receive only) */
>    u_char cs_id;			/* connection # associated with this state */
>    u_char cs_filler;
> -  struct ip cs_ip;		/* ip/tcp hdr from most recent packet */
> +  union {
> +    char csu_hdr[MAX_HDR];
> +    struct ip csu_ip;		/* ip/tcp hdr from most recent packet */
> +  } slcs_u;
>  };
> +
> +#define cs_ip slcs_u.csu_ip
> +#define cs_hdr slcs_u.csu_hdr
>  
>  /*
>   * all the state data for one serial line (we need one of these
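Review bot: the restored union is what gives `cs_ip` the MAX_HDR bytes of backing (the 128 bytes mentioned above) that the code walking from the IP header into the following TCP header relies on; with `struct ip cs_ip` alone the member was only as large as an IP header, so those accesses ran past the end of the state. The `#define cs_ip slcs_u.csu_ip` alias keeps existing `cs->cs_ip` references compiling unchanged. Suggest a comment next to `csu_hdr` stating that the array, not the struct, sizes the member and why, so a later cleanup does not remove it again.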
> 
> ---
> Gary Jennejohn / garyj@muc.de gj@freebsd.org

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>;                   <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
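The layout point made above (the saved header needs MAX_HDR bytes of storage behind it, not just a `struct ip`, because the code reaches into the TCP header that follows) as an added C example that is not part of this thread or of the ppp sources: a per-connection state in the shape the patch restores, plus a bounds-checked copy of the IP and TCP headers into it. `ip_fixed`, `cstate_example`, `save_tcpip_header`, `build_sample_packet` and `demo_save` are names chosen here, `MAX_HDR` is set to the 128 bytes discussed in the thread, and every packet is constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Upper bound on a saved IP+TCP header, set to the 128 bytes discussed in the
 * thread. Example code, not the ppp sources. */
#define MAX_HDR 128

/* Minimal stand-in for <netinet/ip.h>'s struct ip so the example is
 * self-contained; only the fixed 20-byte part is modelled. */
struct ip_fixed {
    uint8_t  vhl;      /* version (high nibble), header length in words (low nibble) */
    uint8_t  tos;
    uint16_t len;
    uint16_t id;
    uint16_t off;
    uint8_t  ttl;
    uint8_t  p;        /* protocol; 6 == TCP */
    uint16_t sum;
    uint32_t src;
    uint32_t dst;
};

/* Per-connection state in the shape the patch restores: the union gives the
 * saved header MAX_HDR bytes of storage, so code that walks from the IP header
 * into the TCP header behind it stays inside the object. */
struct cstate_example {
    size_t cs_hlen;                 /* bytes of header saved */
    union {
        unsigned char   csu_hdr[MAX_HDR];
        struct ip_fixed csu_ip;
    } slcs_u;
};
#define cs_ip  slcs_u.csu_ip
#define cs_hdr slcs_u.csu_hdr

/* Copy the IP header and the TCP header that follows it from pkt into cs.
 * Returns the number of bytes saved, or -1 when the packet is truncated,
 * is not IPv4/TCP, or the two headers would not fit in MAX_HDR. */
int save_tcpip_header(struct cstate_example *cs, const unsigned char *pkt, size_t pktlen)
{
    size_t iphl, thl;

    if (pktlen < sizeof(struct ip_fixed))
        return -1;
    iphl = (size_t)(pkt[0] & 0x0f) * 4;          /* IHL is in 32-bit words */
    if ((pkt[0] >> 4) != 4 || iphl < sizeof(struct ip_fixed) || pktlen < iphl + 20)
        return -1;
    if (pkt[9] != 6)                              /* only TCP is VJ-compressible */
        return -1;
    thl = (size_t)(pkt[iphl + 12] >> 4) * 4;      /* TCP data offset, also in words */
    if (thl < 20 || pktlen < iphl + thl)
        return -1;
    if (iphl + thl > MAX_HDR)                     /* invariant: 60 + 60 max for valid headers */
        return -1;
    memcpy(cs->cs_hdr, pkt, iphl + thl);
    cs->cs_hlen = iphl + thl;
    return (int)(iphl + thl);
}

/* Build a constructed IPv4/TCP packet with the given option lengths (in
 * 32-bit words) into buf; returns its total length, 0 if it cannot fit. */
size_t build_sample_packet(unsigned char *buf, size_t buflen,
                           unsigned ip_opt_words, unsigned tcp_opt_words, size_t payload)
{
    size_t iphl = 20 + 4 * ip_opt_words;
    size_t thl  = 20 + 4 * tcp_opt_words;
    size_t total = iphl + thl + payload;

    if (ip_opt_words > 10 || tcp_opt_words > 10 || total > buflen)
        return 0;
    memset(buf, 0, total);
    buf[0] = (unsigned char)(0x40 | (iphl / 4));          /* version 4, IHL */
    buf[2] = (unsigned char)(total >> 8);                  /* total length, big-endian */
    buf[3] = (unsigned char)(total & 0xff);
    buf[9] = 6;                                            /* protocol TCP */
    buf[12] = 10; buf[13] = 0; buf[14] = 0; buf[15] = 1;   /* src 10.0.0.1 (constructed) */
    buf[16] = 10; buf[17] = 0; buf[18] = 0; buf[19] = 2;   /* dst 10.0.0.2 (constructed) */
    buf[iphl + 12] = (unsigned char)((thl / 4) << 4);      /* TCP data offset */
    return total;
}

/* Exercise the check: build a packet, optionally truncate it or rewrite its
 * protocol, and report what save_tcpip_header returns (-2 if build failed). */
int demo_save(unsigned ip_opt_words, unsigned tcp_opt_words, size_t payload,
              size_t truncate_to, unsigned char proto)
{
    unsigned char pkt[256];
    struct cstate_example cs;
    size_t n = build_sample_packet(pkt, sizeof pkt, ip_opt_words, tcp_opt_words, payload);

    if (n == 0)
        return -2;
    pkt[9] = proto;
    if (truncate_to && truncate_to < n)
        n = truncate_to;
    return save_tcpip_header(&cs, pkt, n);
}

int main(void)
{
    struct cstate_example cs;
    int saved = demo_save(0, 3, 16, 0, 6);   /* 20-byte IP + 32-byte TCP header */
    printf("saved %d header bytes; state holds %zu, struct ip alone is %zu\n",
           saved, sizeof cs.cs_hdr, sizeof cs.cs_ip);
    return saved > 0 ? 0 : 1;
}
```

The point of `save_tcpip_header` is that the destination's size and the length actually copied are both derived from the same bound: the header words are read from the packet, validated against the packet length, and then checked against `MAX_HDR` before `memcpy`, so a member sized as only `struct ip` could never have been the copy target here.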

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200004041359.OAA04021>