Date: Tue, 21 Mar 2006 04:00:43 GMT From: zhouyi zhou <zhouyi04@ios.cn> To: freebsd-bugs@FreeBSD.org Subject: (Resolved) Re: kern/94599: [mac] MAC (Mandatory Access Control) and IPSEC can not coexist Message-ID: <200603210400.k2L40hpf056833@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/94599; it has been noted by GNATS.
From: zhouyi zhou <zhouyi04@ios.cn>
To: bug-followup@FreeBSD.org
Cc: zhouyi04@ios.cn
Subject: (Resolved) Re: kern/94599: [mac] MAC (Mandatory Access Control) and
IPSEC can not coexist
Date: Tue, 21 Mar 2006 11:50:54 +0800
FreeBSD release 5.4 to 6.0 exists serious bugs,
when IPSEC and MAC configured togethor (the system will crash).
The reason is follows:
277 m_move_pkthdr(struct mbuf *to, struct mbuf *from)
278 {
279
280 #if 0
281 /* see below for why these are not enabled */
282 M_ASSERTPKTHDR(to);
283 /* Note: with MAC, this may not be a good assertion. */
284 KASSERT(SLIST_EMPTY(&to->m_pkthdr.tags),
285 ("m_move_pkthdr: to has tags"));
286 #endif
287 #ifdef MAC
288 /*
289 * XXXMAC: It could be this should also occur for non-MAC?
290 */
291 if (to->m_flags & M_PKTHDR)
292 m_tag_delete_chain(to, NULL);
293 #endif
294 to->m_flags = (from->m_flags & M_COPYFLAGS) | (to->m_flags & M_EXT);
295 if ((to->m_flags & M_EXT) == 0)
296 to->m_data = to->m_pktdat;
297 to->m_pkthdr = from->m_pkthdr; /* especially tags */
298 SLIST_INIT(&from->m_pkthdr.tags); /* purge tags from src */
299 from->m_flags &= ~M_PKTHDR;
300 }
What if on line 292, the mbufs to and from point to the same tag list?
The method to resolve:
1ˇ˘simply comments out line 292
2ˇ˘compare if mbufs to and from point to the same tag list
Sincerely yours
Zhouyi Zhou
Ma Yong
Wu Xinsong
Institute of Software
Chinese Academy of Sciences
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603210400.k2L40hpf056833>