Subject: Re: something strange with mbuf length...
To: Rui Paulo <rpaulo@fnop.net>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-net
Date: 04/22/2006 09:56:21
On Sat, 22 Apr 2006 14:36:10 +0100, Rui Paulo <rpaulo@fnop.net> wrote:

>
> 
> Okay, there's a very easy way to test this and perhaps you are the
> best candidate since I bet your ipf rules are much simpler than
> Konstantin's. Can you try to rebuild a kernel without ipfilter but with
> pf and convert your ipfilter rules to pf?
> That would tell us if it's ipfilter's fault, hopefully.
> 
I thought of that, but since the crashes occur about once every couple of
days it will take a long time to get any confidence.  Instead, I just now
built a kernel that checks m_len and m_length before and after invoking
any pfil_hooks in ip_input and ip_output, and panics if the checks fail.  I
don't think I'm using any other hooks now, though I do have both pf and
ipsec in that kernel. I could pull them out, too, I suppose.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
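
The kind of before/after consistency check described in the message above, as an added user-space illustration; it is not code from this post or from the NetBSD tree. The simplified `struct mbuf`, the names `mbuf_check` and `run_hook_checked`, and the invariant tested (the sum of `m_len` over the chain equals the packet-header length) are assumptions, and where the kernel build would panic this version returns a code saying on which side of the hook the chain was found broken.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a kernel mbuf (assumption; not the NetBSD definition). */
struct mbuf {
    struct mbuf *m_next;   /* next buffer in this packet's chain */
    int m_len;             /* bytes of data held in this buffer */
    int m_pkthdr_len;      /* total packet length; meaningful in the first mbuf only */
};

enum chk { CHK_OK = 0, CHK_NULL, CHK_NEG_LEN, CHK_MISMATCH, CHK_LOOP };
#define MAX_CHAIN 1024     /* bound the walk so a corrupted, cyclic chain terminates */

/* Walk the chain and compare the summed m_len with the recorded packet length. */
static enum chk mbuf_check(const struct mbuf *m0)
{
    long sum = 0; int n = 0;
    if (m0 == NULL) return CHK_NULL;
    for (const struct mbuf *m = m0; m != NULL; m = m->m_next) {
        if (++n > MAX_CHAIN) return CHK_LOOP;
        if (m->m_len < 0) return CHK_NEG_LEN;
        sum += m->m_len;
    }
    return sum == m0->m_pkthdr_len ? CHK_OK : CHK_MISMATCH;
}

typedef int (*hook_fn)(struct mbuf **mp);

/* Run one hook with the invariant checked on both sides.
 * Returns 0 if consistent, 1 if already broken before the hook, 2 if broken by it. */
static int run_hook_checked(hook_fn hook, struct mbuf **mp)
{
    if (mbuf_check(*mp) != CHK_OK) return 1;
    if (hook(mp) != 0 || *mp == NULL) return 0;   /* hook dropped the packet */
    return mbuf_check(*mp) == CHK_OK ? 0 : 2;
}

/* Constructed hooks: one well-behaved, one that trims data but not the header length. */
static int good_hook(struct mbuf **mp) { (void)mp; return 0; }
static int buggy_hook(struct mbuf **mp) { (*mp)->m_len -= 4; return 0; }

int main(void)
{
    struct mbuf b = { NULL, 40, 0 }, a = { &b, 20, 60 }, *p = &a;   /* constructed chain */
    printf("good hook:  %d\n", run_hook_checked(good_hook, &p));
    printf("buggy hook: %d\n", run_hook_checked(buggy_hook, &p));
    return 0;
}
```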