From owner-freebsd-bugs@FreeBSD.ORG Tue Mar 21 04:00:49 2006
Date: Tue, 21 Mar 2006 04:00:43 GMT
Message-Id: <200603210400.k2L40hpf056833@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: zhouyi zhou
Subject: (Resolved) Re: kern/94599: [mac] MAC (Mandatory Access Control) and IPSEC can not coexist

The following reply was made to PR kern/94599; it has been noted by GNATS.

From: zhouyi zhou
To: bug-followup@FreeBSD.org
Cc: zhouyi04@ios.cn
Date: Tue, 21 Mar 2006 11:50:54 +0800

FreeBSD releases 5.4 to 6.0 have serious bugs when IPSEC and MAC are configured together (the system will crash).
The reason is as follows:

    277 m_move_pkthdr(struct mbuf *to, struct mbuf *from)
    278 {
    279
    280 #if 0
    281         /* see below for why these are not enabled */
    282         M_ASSERTPKTHDR(to);
    283         /* Note: with MAC, this may not be a good assertion. */
    284         KASSERT(SLIST_EMPTY(&to->m_pkthdr.tags),
    285             ("m_move_pkthdr: to has tags"));
    286 #endif
    287 #ifdef MAC
    288         /*
    289          * XXXMAC: It could be this should also occur for non-MAC?
    290          */
    291         if (to->m_flags & M_PKTHDR)
    292                 m_tag_delete_chain(to, NULL);
    293 #endif
    294         to->m_flags = (from->m_flags & M_COPYFLAGS) | (to->m_flags & M_EXT);
    295         if ((to->m_flags & M_EXT) == 0)
    296                 to->m_data = to->m_pktdat;
    297         to->m_pkthdr = from->m_pkthdr;          /* especially tags */
    298         SLIST_INIT(&from->m_pkthdr.tags);       /* purge tags from src */
    299         from->m_flags &= ~M_PKTHDR;
    300 }

What if, on line 292, the mbufs to and from point to the same tag list?

The methods to resolve it:

1. Simply comment out line 292.
2. Check whether mbufs to and from point to the same tag list.

Sincerely yours,
Zhouyi Zhou
Ma Yong
Wu Xinsong
Institute of Software
Chinese Academy of Sciences
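
The case the message asks about, as an added userland model (not part of the original message and not FreeBSD source): when both mbufs share one tag list, the delete on line 292 releases the tags that line 297 then hands to "to", and the comparison from option 2 avoids that. The simplified structs, the "freed" marker (used instead of a real free() so the result can be inspected safely) and the "guard" parameter are assumptions of this sketch; the M_PKTHDR flag handling is left out.

```c
#include <stddef.h>

/* Userland model, not kernel code: "freed" marks a tag instead of calling free(). */
struct tag { struct tag *next; int freed; };
struct mbuf { struct tag *tags; };    /* head of the packet header tag list */

/* Models m_tag_delete_chain(m, NULL): release every tag on m. */
static void tag_delete_chain(struct mbuf *m)
{
    while (m->tags != NULL) {
        struct tag *t = m->tags;
        m->tags = t->next;
        t->freed = 1;
    }
}

/* guard == 0 models line 292 as quoted; guard != 0 models option 2. */
static void move_pkthdr(struct mbuf *to, struct mbuf *from, int guard)
{
    if (!guard || to->tags != from->tags)
        tag_delete_chain(to);
    to->tags = from->tags;            /* line 297: especially tags */
    from->tags = NULL;                /* line 298: purge tags from src */
}

/* Returns 1 if "to" ends up holding a released tag after the move. */
static int dangling_after_move(int aliased, int guard)
{
    struct tag t2 = { NULL, 0 }, t1 = { &t2, 0 }, other = { NULL, 0 };
    struct mbuf from = { &t1 }, to = { aliased ? &t1 : &other };

    move_pkthdr(&to, &from, guard);
    for (struct tag *t = to.tags; t != NULL; t = t->next)
        if (t->freed)
            return 1;
    return 0;
}

int main(void)
{
    /* Exit status 0 when only the unguarded, aliased move leaves released tags. */
    return !(dangling_after_move(1, 0) == 1 && dangling_after_move(1, 1) == 0 &&
        dangling_after_move(0, 0) == 0);
}
```

With the guard, a "to" that owns a separate list still has its old tags released before it takes over the tags from "from", so the MAC cleanup is kept for the non-shared case.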