Subject: ipsec4_splithdr still an issue with netbsd-4
To: None <tech-net@netbsd.org>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-net
Date: 04/12/2007 15:00:22
Earlier Emmanuel Dreyfus reported panics with ipsec4_splithdr:
http://mail-index.netbsd.org/tech-net/2006/06/15/0002.html
I have also experienced these. The following patch against netbsd-4
results in the following output:
ipsec4_splithdr: m->m_len 0 m_length 176 < 20
ipsec4_splithdr: m->m_len 0 m_length 176 < 20
So, it seems that a 0-length mbuf got prepended somehow, and
ipsec4_splithdr assumes this isn't the case. Probably it should do
m_pullup rather than just asserting. Thoughts?
--- ipsec.c.~1.110.2.1.~ 2007-01-29 15:58:56.000000000 -0500
+++ ipsec.c 2007-04-11 12:38:25.000000000 -0400
@@ -3219,8 +3219,16 @@ ipsec4_splithdr(m)
struct ip *ip;
int hlen;
- if (m->m_len < sizeof(struct ip))
+ if (m->m_len < sizeof(struct ip)) {
+ /* XXX Print and drop until we understand. */
+ printf("ipsec4_splithdr: m->m_len %d m_length %d < %ld\n",
+ m->m_len, m_length(m), sizeof(struct ip));
+ m_freem(m);
+ return NULL;
+#if 0
panic("ipsec4_splithdr: first mbuf too short");
+#endif
+ }
ip = mtod(m, struct ip *);
hlen = ip->ip_hl << 2;
if (m->m_len > hlen) {