Subject: Re: something strange with mbuf length...
To: Rui Paulo <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 04/22/2006 09:56:21
On Sat, 22 Apr 2006 14:36:10 +0100, Rui Paulo <firstname.lastname@example.org> wrote:
> Okay, there's a very easy way to test this and perhaps you are the
> best candidate since I bet your ipf rules are much simpler than
> Konstantin's. Can you try to rebuild a kernel without ipfilter but with
> pf and convert your ipfilter rules to pf?
> That would tell us if it's ipfilter's fault, hopefully.
I thought of that, but since the crashes occur about once every couple of
days it will take a long time to get any confidence. Instead, I just now
built a kernel that checks m_len and m_length before and after invoking
any pfil_hooks in ip_input and ip_output, and panics if the checks fail. I
don't think I'm using any other hooks now, though I do have both pf and
ipsec in that kernel. I could pull them out, too, I suppose.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
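
A userland model of the before-and-after length check described in the message above, added here as an example; it is not the code from the poster's kernel. The struct layout, `MODEL_MLEN`, the two hooks, the sample packet and the rule that the packet-header length must equal the sum of the per-buffer lengths are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed stand-in for a kernel mbuf: only the fields the check needs. */
struct mbuf {
    struct mbuf *m_next;   /* next buffer of the same packet */
    int m_len;             /* data bytes held in this buffer */
    int m_pkthdr_len;      /* whole-packet length, valid in the first buffer */
};
#define MODEL_MLEN 256     /* assumed per-buffer capacity in this model */

/* Sum of m_len over the chain, or -1 if any buffer has an impossible length. */
static int chain_length(const struct mbuf *m) {
    int total = 0;
    for (; m != NULL; m = m->m_next) {
        if (m->m_len < 0 || m->m_len > MODEL_MLEN)
            return -1;
        total += m->m_len;
    }
    return total;
}

static int chain_ok(const struct mbuf *m) {
    int total = (m != NULL) ? chain_length(m) : -1;
    return total >= 0 && total == m->m_pkthdr_len;
}

typedef int (*hook_fn)(struct mbuf **);   /* nonzero return: packet dropped */
enum verdict { CHAIN_OK, BAD_BEFORE_HOOK, BAD_AFTER_HOOK };

/* Check on both sides of the hook so a failure is pinned to one side of it.
 * A kernel would panic here; the model returns a verdict instead. */
static enum verdict run_hook_checked(hook_fn hook, struct mbuf **mp) {
    if (!chain_ok(*mp))
        return BAD_BEFORE_HOOK;
    if (hook(mp) != 0 || *mp == NULL)
        return CHAIN_OK;                  /* dropped: nothing left to check */
    return chain_ok(*mp) ? CHAIN_OK : BAD_AFTER_HOOK;
}

/* Constructed hooks: one leaves the packet alone, one trims 4 bytes from the
 * first buffer without updating the packet-header length. */
static int good_hook(struct mbuf **mp) { (void)mp; return 0; }
static int buggy_trim_hook(struct mbuf **mp) { (*mp)->m_len -= 4; return 0; }

/* Constructed sample packet: 20 + 100 bytes, header length 120. */
static struct mbuf sample_tail = { NULL, 100, 0 };
static struct mbuf sample_head = { &sample_tail, 20, 120 };
static enum verdict check_sample(hook_fn hook) {
    struct mbuf *m = &sample_head;
    return run_hook_checked(hook, &m);
}

int main(void) {
    printf("%d %d %d\n", check_sample(good_hook), check_sample(buggy_trim_hook), check_sample(good_hook));
    return 0;
}
```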