Subject: Re: IP_HDRINCL send on little-endian machine causes kernel panic
To: None <firstname.lastname@example.org>
From: Greg Troxel <email@example.com>
Date: 07/24/1996 11:06:08
I suspect that IP_HDRINCL was added to support traceroute, that
both it and traceroute were written on a big-endian machine, and that
all is 'ok' until now because traceroute indeed supplies
Your fix makes lots of sense, but I suspect you have to fix traceroute
Another thing that should get fixed is that somewhere (raw_ip?
fragment code?) a check should be made for (mbuf_len >= ip->ip_len)
before the m_copym is called; this should have been dropped packets,
not a panic.
I don't know if this is checked for packets that are to be forwarded;
presumably packets generated by the kernel code can be trusted.
Another source is IP_HDRINCL; I don't know if there are more sources
of 'raw'ish ip packets whose header length cannot be trusted to
reflect the actual packet (mbuf content) length.
Greg Troxel <firstname.lastname@example.org>