Subject: Re: something strange with mbuf length...
To: Rui Paulo <>
From: Steven M. Bellovin <>
List: tech-net
Date: 04/22/2006 09:56:21
On Sat, 22 Apr 2006 14:36:10 +0100, Rui Paulo <> wrote:

> Okay, there's a very easy way to test this and perhaps you are the
> best candidate since I bet your ipf rules are much simpler than
> Konstantin's. Can you try to rebuild a kernel without ipfilter but with
> pf and convert your ipfilter rules to pf?
> That would tell us if it's ipfilter's fault, hopefully.

I thought of that, but since the crashes occur about once every couple of
days it will take a long time to get any confidence.  Instead, I just now
built a kernel that checks m_len and m_length before and after invoking
any pfil_hooks in ip_input and ip_output, and panics if the checks fail.  I
don't think I'm using any other hooks now, though I do have both pf and
ipsec in that kernel. I could pull them out, too, I suppose.

		--Steven M. Bellovin,
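
An added example, not part of the original message and not NetBSD's code: a user-space C model of a before/after mbuf length check around a packet-filter hook, of the kind the message describes. The struct layout, the hook signature, the helper names and the invariant itself (header length equals the sum of m_len over the chain, with no negative m_len) are assumptions for illustration; a kernel build would panic where this returns a BAD_* verdict.

```c
#include <stddef.h>

/* Constructed user-space model; the real struct mbuf (sys/mbuf.h) has more fields. */
struct mbuf {
    struct mbuf *m_next;  /* next buffer in this packet's chain */
    int m_len;            /* bytes of data held in this buffer */
    int m_pkthdr_len;     /* stands in for m_pkthdr.len; valid in the first mbuf only */
};
enum verdict { CHECK_OK, BAD_BEFORE_HOOK, BAD_AFTER_HOOK, HOOK_CONSUMED };
/* Hypothetical hook signature: may modify or replace the chain; nonzero means dropped. */
typedef int (*hook_fn)(struct mbuf **mp);

/* Assumed invariant: no negative m_len, and header length == sum of m_len over the chain. */
static int mbuf_consistent(const struct mbuf *m)
{
    long sum = 0;
    if (m == NULL) return 0;
    for (const struct mbuf *n = m; n != NULL; n = n->m_next) {
        if (n->m_len < 0) return 0;
        sum += n->m_len;
    }
    return sum == m->m_pkthdr_len;
}

/* Check before and after the hook so a failure can be attributed to the hook itself. */
static enum verdict run_hook_checked(hook_fn hook, struct mbuf **mp)
{
    if (!mbuf_consistent(*mp)) return BAD_BEFORE_HOOK;      /* corrupted upstream */
    if (hook(mp) != 0 || *mp == NULL) return HOOK_CONSUMED;  /* nothing left to check */
    return mbuf_consistent(*mp) ? CHECK_OK : BAD_AFTER_HOOK; /* hook broke the chain */
}

/* Trim 4 bytes from the last buffer; fix_hdr selects whether the header length follows. */
static void trim_tail(struct mbuf *m, int fix_hdr)
{
    struct mbuf *last = m;
    while (last->m_next != NULL) last = last->m_next;
    last->m_len -= 4;
    if (fix_hdr) m->m_pkthdr_len -= 4;
}
static int hook_good(struct mbuf **mp)  { trim_tail(*mp, 1); return 0; }
static int hook_buggy(struct mbuf **mp) { trim_tail(*mp, 0); return 0; } /* stale header */

/* Run one hook over a constructed two-mbuf, 60-byte packet. */
static enum verdict demo(hook_fn hook)
{
    struct mbuf tail = { NULL, 40, 0 }, head = { &tail, 20, 60 }, *m = &head;
    return run_hook_checked(hook, &m);
}
int main(void) { return !(demo(hook_good) == CHECK_OK && demo(hook_buggy) == BAD_AFTER_HOOK); }
```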