Date: Tue, 21 Mar 2006 11:36:25 +0800 From: zhouyi zhou <zhouyi04@ios.cn> To: freebsd-bugs@freebsd.org Subject: Resolving FreeBSD MAC Framework and IPSEC confliction Message-ID: <20060321113625.7550a6e3.zhouyi04@ios.cn>
index | next in thread | raw e-mail
High, every one FreeBSD release 5.4 to 6.0 exists serious bugs,
when IPSEC and MAC configured togethor (the system will crash).
The reason is follows:
277 m_move_pkthdr(struct mbuf *to, struct mbuf *from)
278 {
279
280 #if 0
281 /* see below for why these are not enabled */
282 M_ASSERTPKTHDR(to);
283 /* Note: with MAC, this may not be a good assertion. */
284 KASSERT(SLIST_EMPTY(&to->m_pkthdr.tags),
285 ("m_move_pkthdr: to has tags"));
286 #endif
287 #ifdef MAC
288 /*
289 * XXXMAC: It could be this should also occur for non-MAC?
290 */
291 if (to->m_flags & M_PKTHDR)
292 m_tag_delete_chain(to, NULL);
293 #endif
294 to->m_flags = (from->m_flags & M_COPYFLAGS) | (to->m_flags & M_EXT);
295 if ((to->m_flags & M_EXT) == 0)
296 to->m_data = to->m_pktdat;
297 to->m_pkthdr = from->m_pkthdr; /* especially tags */
298 SLIST_INIT(&from->m_pkthdr.tags); /* purge tags from src */
299 from->m_flags &= ~M_PKTHDR;
300 }
What if on line 292, the mbufs to and from point to the same tag list?
The method to resolve:
1ˇ˘simply comments out line 292
2ˇ˘compare if mbufs to and from point to the same tag list
Sincerely yours
Zhouyi Zhou
Ma Yong
Wu Xinsong
Institute of Software
Chinese Academy of Sciences
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060321113625.7550a6e3.zhouyi04>