Date: Tue, 21 Mar 2006 04:00:43 GMT
From: zhouyi zhou <zhouyi04@ios.cn>
To: freebsd-bugs@FreeBSD.org
Subject: (Resolved) Re: kern/94599: [mac] MAC (Mandatory Access Control) and IPSEC can not coexist
Message-ID: <200603210400.k2L40hpf056833@freefall.freebsd.org>
The following reply was made to PR kern/94599; it has been noted by GNATS.
From: zhouyi zhou <zhouyi04@ios.cn>
To: bug-followup@FreeBSD.org
Cc: zhouyi04@ios.cn
Subject: (Resolved) Re: kern/94599: [mac] MAC (Mandatory Access Control) and
IPSEC can not coexist
Date: Tue, 21 Mar 2006 11:50:54 +0800
FreeBSD releases 5.4 to 6.0 have serious bugs
when IPSEC and MAC are configured together (the system will crash).
The reason is as follows:
277 m_move_pkthdr(struct mbuf *to, struct mbuf *from)
278 {
279
280 #if 0
281         /* see below for why these are not enabled */
282         M_ASSERTPKTHDR(to);
283         /* Note: with MAC, this may not be a good assertion. */
284         KASSERT(SLIST_EMPTY(&to->m_pkthdr.tags),
285             ("m_move_pkthdr: to has tags"));
286 #endif
287 #ifdef MAC
288         /*
289          * XXXMAC: It could be this should also occur for non-MAC?
290          */
291         if (to->m_flags & M_PKTHDR)
292                 m_tag_delete_chain(to, NULL);
293 #endif
294         to->m_flags = (from->m_flags & M_COPYFLAGS) | (to->m_flags & M_EXT);
295         if ((to->m_flags & M_EXT) == 0)
296                 to->m_data = to->m_pktdat;
297         to->m_pkthdr = from->m_pkthdr;          /* especially tags */
298         SLIST_INIT(&from->m_pkthdr.tags);       /* purge tags from src */
299         from->m_flags &= ~M_PKTHDR;
300 }
What if on line 292, the mbufs to and from point to the same tag list?
The method to resolve:
1. Simply comment out line 292
2. Compare whether mbufs to and from point to the same tag list
Sincerely yours
Zhouyi Zhou
Ma Yong
Wu Xinsong
Institute of Software
Chinese Academy of Sciences
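
The second resolution proposed in the message above, sketched as an added userland example; it is not FreeBSD kernel code and not part of the original e-mail. The `struct tag`/`struct mbuf` model and the names `move_pkthdr_checked` and `run_case` are simplified assumptions; the point is that the purge on line 292 is skipped when `to` already references the list being moved, so the moved header never carries freed tags.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified userland model of mbuf tags (assumed, not the kernel's structs). */
struct tag { struct tag *next; };
struct mbuf { int pkthdr; struct tag *tags; };
static int freed, purged;       /* tags released / released by the move itself */

static void tag_push(struct mbuf *m) {
    struct tag *t = malloc(sizeof(*t));
    if (t == NULL) abort();
    t->next = m->tags;
    m->tags = t;
}

static void tag_delete_chain(struct mbuf *m) {
    while (m->tags != NULL) {
        struct tag *t = m->tags;
        m->tags = t->next;
        free(t);
        freed++;
    }
}

/* Option 2: skip the purge when `to` already points at the list being moved. */
static void move_pkthdr_checked(struct mbuf *to, struct mbuf *from) {
    if (to->pkthdr && to->tags != from->tags)
        tag_delete_chain(to);
    to->tags = from->tags;      /* the header (and its tags) moves to `to` */
    to->pkthdr = 1;
    from->tags = NULL;          /* purge tags from src */
    from->pkthdr = 0;
}

/* Constructed scenario: returns the number of live tags on `to` after the move. */
static int run_case(int shared) {
    struct mbuf from = {1, NULL}, to = {1, NULL};
    int n = 0;
    tag_push(&from); tag_push(&from);
    if (shared) to.tags = from.tags; else tag_push(&to);
    freed = 0;
    move_pkthdr_checked(&to, &from);
    purged = freed;             /* record before cleanup frees the rest */
    for (struct tag *t = to.tags; t != NULL; t = t->next) n++;
    tag_delete_chain(&to);      /* cleanup */
    return n;
}

int main(void) { printf("shared: %d tags kept\n", run_case(1)); return 0; }
```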
