Re: kernel/2172: crash and freeze, maybe pf and/or ip6 related
The following reply was made to PR kernel/2172; it has been noted by GNATS.
From: Mike Frantzen <frantzen@w4g.org>
To: clay@boobah.com
Cc: gnats@openbsd.org
Subject: Re: kernel/2172: crash and freeze, maybe pf and/or ip6 related
Date: Thu, 8 Nov 2001 09:32:55 -0500
* clay@boobah.com <clay@boobah.com>:
> >Synopsis: crash and freeze, maybe pf and/or ip6 related
> my machine is freezing every 2 days or so (this is the third crash in the past week)
> with the message "panic: m_copydata: off -1 < 0"
Can you apply this diff and make sure it fixes your problem? (Then do
anything you can to generate IPv6 non-ping ICMP traffic.)
Lemme know if it seems to work. I've been running with it for a week
but my IPv6 traffic load is very low.
Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.164
diff -u -r1.164 pf.c
--- pf.c 24 Oct 2001 09:07:38 -0000 1.164
+++ pf.c 8 Nov 2001 14:33:22 -0000
@@ -3954,12 +3954,8 @@
pd2.src = (struct pf_addr *)&h2_6.ip6_src;
pd2.dst = (struct pf_addr *)&h2_6.ip6_dst;
pd2.ip_sum = NULL;
+ off2 = ipoff2 + sizeof(h2_6);
do {
- while (off >= m->m_len) {
- off -= m->m_len;
- m = m->m_next;
- }
-
switch (pd2.proto) {
case IPPROTO_FRAGMENT:
/* XXX we don't handle fagments yet */
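Review bot: the added `off2 = ipoff2 + sizeof(h2_6);` ahead of the `do {` needs a short comment saying that off2 is an offset from the head of the mbuf chain, not into the current mbuf. With the `while (off >= m->m_len)` walk removed, nothing in this loop advances `m` any more, so every read at off2 further down has to go through a chain-aware, length-checked accessor and never through mtod() on `m`. It is also worth checking that any earlier assignment to off2 outside this hunk is removed, so the variable has a single, obvious starting value.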
@@ -3969,11 +3965,16 @@
case IPPROTO_ROUTING:
case IPPROTO_DSTOPTS: {
/* get next header and header length */
- struct _opt6 *opt6;
+ struct _opt6 opt6;
- opt6 = (struct _opt6 *)(mtod(m, caddr_t) + off2);
- pd2.proto = opt6->opt6_nxt;
- off2 += (opt6->opt6_hlen + 1) * 8;
+ if (!pf_pull_hdr(m, off2, &opt6,
+ sizeof(opt6), NULL, NULL, pd2.af)) {
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: ICMPv6 short opt\n"));
+ return(PF_DROP);
+ }
+ pd2.proto = opt6.opt6_nxt;
+ off2 += (opt6.opt6_hlen + 1) * 8;
/* goto the next header */
break;
}
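Review bot: in the IPPROTO_ROUTING / IPPROTO_DSTOPTS case, `off2 += (opt6.opt6_hlen + 1) * 8;` advances by a length byte taken from the packet and is not checked against the packet length at that point. It is only caught if the next read at off2 goes through pf_pull_hdr, as this case now does. Please confirm that every other case in this switch, and the code after the loop that parses the final protocol header, reads at off2 with the same bounds-checked copy rather than `mtod(m, caddr_t) + off2`. As far as these lines show, the PF_DROP path is reported only through DPFPRINTF at PF_DEBUG_MISC, so a truncated extension header is dropped silently at normal debug levels. Recording a drop reason there would help whoever has to diagnose it later.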