NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

re: kern/43541: Unaligned access in pf_normalize_tcpopt()



The following reply was made to PR kern/43541; it has been noted by GNATS.

From: matthew green <mrg%eterna.com.au@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
    netbsd-bugs%netbsd.org@localhost, Hisashi T Fujinaka 
<htodd%twofifty.com@localhost>
Subject: re: kern/43541: Unaligned access in pf_normalize_tcpopt() 
Date: Tue, 29 Jun 2010 04:15:00 +1000

 i wonder if this is the same problem as reported in:
 
   port-sparc/40629: kernel panic under high network load using pf (and ipv6)
 
 hisashi, can you try the patch in this PR for your problem?
 (included below again.)
 
 
 .mrg.
 
 
 Index: sys/dist/pf/net/pf_norm.c
 ===================================================================
 --- sys/dist/pf/net/pf_norm.c
 +++ sys/dist/pf/net/pf_norm.c  (working copy)
 @@ -1878,7 +1878,7 @@
  pf_normalize_tcpopt(struct pf_rule *r, struct mbuf *m, struct tcphdr *th,
      int off)
  {
 -      u_int16_t       *mss;
 +      u_int16_t        mss;
        int              thoff;
        int              opt, cnt, optlen = 0;
        int              rewrite = 0;
 @@ -1903,11 +1903,12 @@
                }
                switch (opt) {
                case TCPOPT_MAXSEG:
 -                      mss = (u_int16_t *)(optp + 2);
 -                      if ((ntohs(*mss)) > r->max_mss) {
 +                      mss = (optp[2] << 8) | optp[3];
 +                      if (mss > r->max_mss) {
                                th->th_sum = pf_cksum_fixup(th->th_sum,
 -                                  *mss, htons(r->max_mss), 0);
 -                              *mss = htons(r->max_mss);
 +                                  htons(mss), htons(r->max_mss), 0);
 +                              optp[2] = (u_char)(r->max_mss >> 8) & 0xff;
 +                              optp[3] = (u_char)(r->max_mss) & 0xff;
                                rewrite = 1;
                        }
                        break;
 


Home | Main Index | Thread Index | Old Index