Subject: Re: kern/7831: panic: m_copydata
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-net
Date: 08/05/1999 14:51:57

On Thu, Aug 05, 1999 at 10:29:32AM +1000, Darren Reed wrote:
> There should be a sanity check higher up to ensure that the protocol of
> the current packet being processed matches the protocol which the proxy
> has been designed to support.  Patch below.
> 
> Darren
> 
> Index: ip_proxy.c
> ===================================================================
> RCS file: /devel/CVS/IP-Filter/ip_proxy.c,v
> retrieving revision 2.1
> diff -c -r2.1 ip_proxy.c
> *** ip_proxy.c	1999/08/04 17:29:58	2.1
> --- ip_proxy.c	1999/08/05 00:28:41
> ***************
> *** 185,191 ****
>   		nat->nat_aps = ap_new_session(nat->nat_ptr->in_apr, ip,
>   					      fin, nat);
>   	aps = nat->nat_aps;
> ! 	if (aps != NULL) {
>   		if (ip->ip_p == IPPROTO_TCP) {
>   			tcp = (tcphdr_t *)fin->fin_dp;
>   			/*
> --- 185,191 ----
>   		nat->nat_aps = ap_new_session(nat->nat_ptr->in_apr, ip,
>   					      fin, nat);
>   	aps = nat->nat_aps;
> ! 	if ((aps != NULL) && (aps->aps_p == ip->ip_p)) {
>   		if (ip->ip_p == IPPROTO_TCP) {
>   			tcp = (tcphdr_t *)fin->fin_dp;
>   			/*
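Review bot: The changed `if` at line 185 folds two different conditions into one test, so a packet whose protocol does not match the session takes the same path as the no-session case, and nothing in the code says why the comparison is there. A short comment above `if ((aps != NULL) && (aps->aps_p == ip->ip_p)) {` stating that packets of another protocol matched to this NAT entry must bypass the proxy would help. Handling the mismatch in its own branch would also let the function report it separately from a missing session.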

Hum, the problem is that the NetBSD sources don't look exactly like this.
I guess this change in the NetBSD tree would look like what's appended
below (could you check it's correct, please?).

This will make ap_check() return -1 instead of 2; will this cause problems in
the future? (For now the return value of ap_check() seems not to be used.)

I tested my change this morning. Without this I can panic my router at will
once I've found a dest addr which will respond with an ICMP host unreach.
With this change, the router doesn't panic and the ICMP message is
properly routed back to the inside machine.
As this change does basically the same thing, I don't expect problems with
it. I'll test when I get close to this router again.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--

Content-Disposition: attachment; filename="ipnat.diff2"

Index: ip_proxy.c
===================================================================
RCS file: /cvsroot/syssrc/sys/netinet/ip_proxy.c,v
retrieving revision 1.17
diff -u -r1.17 ip_proxy.c
--- ip_proxy.c	1999/02/02 19:57:32	1.17
+++ ip_proxy.c	1999/08/05 12:48:02
@@ -197,8 +197,9 @@
 	u_32_t sum;
 	int err;
 
-	if ((aps = nat->nat_aps) ||
-	    (aps = ap_new_session(nat->nat_ptr->in_apr, ip, fin, nat))) {
+	if ((aps = nat->nat_aps) == NULL)
+		aps = ap_new_session(nat->nat_ptr->in_apr, ip, fin, nat);
+	if ((aps != NULL) && (aps->aps_p == ip->ip_p)) {
 		if (ip->ip_p == IPPROTO_TCP) {
 			tcp = (tcphdr_t *)fin->fin_dp;
 			/*
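Review bot: The protocol comparison in the new `if ((aps != NULL) && (aps->aps_p == ip->ip_p))` runs only after the `ap_new_session()` call, so when `nat->nat_aps` is NULL a packet of a non-matching protocol is still passed to `ap_new_session()` before it is rejected. Consider deciding whether the packet's protocol is one the proxy handles before that call, so that a mismatched packet cannot trigger session setup. A one-line comment on the new condition saying which packets it is meant to exclude would also make the intent clear to the next reader.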
