Subject: routing cache related crashes with v6-mapped IPv4 addresses
To: None <tech-net@netbsd.org>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
List: tech-net
Date: 11/13/2007 15:16:35
Hi -
I've enabled v4-to-v6-mapped addresses on my system
(by setting the "v6only" sysctl to 0), and now it crashes
from kernel page faults occasionally.
The stackframe is:
in6_pcbrtentry+0x60()
tcp_segsize+0xbf()
tcp_output+0x153()
tcp_usrreq()
sosend()

The crash happens within the v6 address comparison in
netinet6/in6_pcb.c (-current, rev. 1.89), line 916.
Looking deeper, the "cdst" pointer returned by
rtcache_getdst() was 0xc1bc8ff0. 0xc1bc9000 was an
invalid address.
The sockaddr at *cdst was actually an IPv4 sockaddr_in
for which the 16 bytes are just enough.

So the case of an IPv4 route needs to be handled
explicitly, otherwise the IPv6 address comparison
will compare random junk. (and the cache will have
little effect)

best regards
Matthias
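
An added example, not part of the original message and not NetBSD's code: a user-space C illustration of checking the cached sockaddr's family before comparing addresses, so a 16-byte sockaddr_in is never read through a sockaddr_in6 pointer. The names cached_dst_matches and demo_v4_route are hypothetical, and the addresses are constructed sample values.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper, not NetBSD code: does the cached route destination
 * match the PCB's foreign address? The family is checked before any cast. */
static int
cached_dst_matches(const struct sockaddr *cdst, const struct in6_addr *faddr)
{
	if (cdst == NULL)
		return 0;
	switch (cdst->sa_family) {
	case AF_INET: {
		const struct sockaddr_in *sin = (const struct sockaddr_in *)cdst;
		/* An IPv4 route can only match a v4-mapped foreign address. */
		if (!IN6_IS_ADDR_V4MAPPED(faddr))
			return 0;
		/* The IPv4 address is the last 4 bytes of ::ffff:a.b.c.d. */
		return memcmp(&faddr->s6_addr[12], &sin->sin_addr,
		    sizeof(sin->sin_addr)) == 0;
	}
	case AF_INET6: {
		const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)cdst;
		return memcmp(&sin6->sin6_addr, faddr, sizeof(*faddr)) == 0;
	}
	default:
		return 0;
	}
}

/* Constructed sample: an IPv4 cached route against a textual IPv6 address. */
static int
demo_v4_route(const char *foreign6, const char *route4)
{
	struct sockaddr_in sin;
	struct in6_addr faddr;

	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	if (inet_pton(AF_INET, route4, &sin.sin_addr) != 1 ||
	    inet_pton(AF_INET6, foreign6, &faddr) != 1)
		return -1;
	return cached_dst_matches((const struct sockaddr *)&sin, &faddr);
}

int main(void) {
	printf("%d\n", demo_v4_route("::ffff:192.0.2.1", "192.0.2.1"));
	return 0;
}
```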
