Date: Tue, 21 Mar 2006 04:00:43 GMT From: zhouyi zhou <zhouyi04@ios.cn> To: freebsd-bugs@FreeBSD.org Subject: (Resolved) Re: kern/94599: [mac] MAC (Mandatory Access Control) and IPSEC can not coexist Message-ID: <200603210400.k2L40hpf056833@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/94599; it has been noted by GNATS. From: zhouyi zhou <zhouyi04@ios.cn> To: bug-followup@FreeBSD.org Cc: zhouyi04@ios.cn Subject: (Resolved) Re: kern/94599: [mac] MAC (Mandatory Access Control) and IPSEC can not coexist Date: Tue, 21 Mar 2006 11:50:54 +0800 FreeBSD release 5.4 to 6.0 exists serious bugs, when IPSEC and MAC configured togethor (the system will crash). The reason is follows: 277 m_move_pkthdr(struct mbuf *to, struct mbuf *from) 278 { 279 280 #if 0 281 /* see below for why these are not enabled */ 282 M_ASSERTPKTHDR(to); 283 /* Note: with MAC, this may not be a good assertion. */ 284 KASSERT(SLIST_EMPTY(&to->m_pkthdr.tags), 285 ("m_move_pkthdr: to has tags")); 286 #endif 287 #ifdef MAC 288 /* 289 * XXXMAC: It could be this should also occur for non-MAC? 290 */ 291 if (to->m_flags & M_PKTHDR) 292 m_tag_delete_chain(to, NULL); 293 #endif 294 to->m_flags = (from->m_flags & M_COPYFLAGS) | (to->m_flags & M_EXT); 295 if ((to->m_flags & M_EXT) == 0) 296 to->m_data = to->m_pktdat; 297 to->m_pkthdr = from->m_pkthdr; /* especially tags */ 298 SLIST_INIT(&from->m_pkthdr.tags); /* purge tags from src */ 299 from->m_flags &= ~M_PKTHDR; 300 } What if on line 292, the mbufs to and from point to the same tag list? The method to resolve: 1ˇ˘simply comments out line 292 2ˇ˘compare if mbufs to and from point to the same tag list Sincerely yours Zhouyi Zhou Ma Yong Wu Xinsong Institute of Software Chinese Academy of Sciences
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603210400.k2L40hpf056833>