Subject: Re: crashes in ipfilter on i386
To: Michael van Elst <mlelstv@serpens.de>
From: Liam Foy <liamfoy@sepulcrum.org>
List: tech-net
Date: 07/24/2007 21:10:14
On 24/07/07, Michael van Elst <mlelstv@serpens.de> wrote:
> gdt@ir.bbn.com (Greg Troxel) writes:
>
> >I have an i386 running netbsd-4, and it's been crashing ever since I
> >upgraded recently.
>
> Are you sure that you use this code?
>
> >                       if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN) == -1)
> >                               return;
> [...]
> >                       icmp6 = fin->fin_dp;
> >                       ip6 = (ip6_t *)((char *)icmp6 + ICMPERR_ICMPHLEN);
> >                       if (IP6_NEQ(&fin->fin_fi.fi_dst,
> >                                   &ip6->ip6_src))
> >                               fin->fin_flx |= FI_BAD;
>
> I am asking, because there was a bug exactly in this place
> (a stale version of the icmp6 pointer was used) and the crash
> was exactly where you have shown it in your previous mail.
>
> However, this is fixed in the code snippet above.
>
> The frpr_pullup ensures that enough data is in the buffer for the
> IP6_NEQ operation and the icmp6 (and thus ip6) pointers are recomputed
> in case the buffer was moved.
>

Which has also been pulled up to -4 if my memory is correct. Maybe try updating
your -4 tree and building a fresh kernel.

-- 
Liam J. Foy
liamjfoy@netbsd.org
http://bsdportal.org <- BSD News
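The stale icmp6 pointer Michael describes, modelled as an added C example that is not ipfilter's own code: `pkt`, `sim_pullup`, `check_stale`, `check_fixed`, `make_pkt` and `free_pkt` are constructed stand-ins, and the ICMPERR_ICMPHLEN and ICMP6ERR_MINPKTLEN values are assumed here. The simulated pullup always moves the data, so the function that keeps the pre-pullup pointer reads the poisoned old buffer and misclassifies the packet, while the one that reloads fin_dp after the pullup gets the right answer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ICMPERR_ICMPHLEN   8                        /* ICMPv6 header ahead of the embedded IPv6 header (assumed) */
#define ICMP6ERR_MINPKTLEN (ICMPERR_ICMPHLEN + 40)  /* ICMPv6 header + inner IPv6 header (assumed) */
#define FI_BAD 1
struct ip6_sim { uint8_t ver_flow[4], plen[2], nxt, hlim, src[16], dst[16]; }; /* byte-exact IPv6 header */
struct pkt {                  /* constructed stand-in for the packet state ipfilter keeps in fin */
    uint8_t *buf;             /* current backing store */
    size_t   len;             /* bytes available at buf */
    uint8_t *old;             /* previous store; poisoned once the data has moved */
    void    *fin_dp;          /* pointer to the ICMPv6 header, recomputed by the pullup */
};

/* Stand-in for frpr_pullup(): guarantee `need` contiguous bytes. It always moves the
 * data to a fresh buffer, so a cached icmp6 pointer goes stale. The kernel frees the
 * old store; here it stays mapped but poisoned so the wrong answer is observable. */
static int sim_pullup(struct pkt *p, size_t need) {
    if (p->len < need) return -1;                   /* short packet: caller must bail out */
    uint8_t *fresh = malloc(p->len); if (fresh == NULL) return -1;
    memcpy(fresh, p->buf, p->len);
    memset(p->buf, 0xA5, p->len);                   /* poison the old region */
    p->old = p->buf;
    p->buf = fresh;
    p->fin_dp = fresh;                              /* fin_dp now points into the new buffer */
    return 0;
}

/* Buggy pattern: icmp6 captured before the pullup and dereferenced after it. */
static int check_stale(struct pkt *p, const uint8_t outer_dst[16]) {
    const uint8_t *icmp6 = p->fin_dp;
    if (sim_pullup(p, ICMP6ERR_MINPKTLEN) == -1) return -1;
    const struct ip6_sim *ip6 = (const struct ip6_sim *)(icmp6 + ICMPERR_ICMPHLEN);
    return memcmp(outer_dst, ip6->src, 16) != 0 ? FI_BAD : 0;
}

/* Fixed pattern from the quoted snippet: reload icmp6 from fin_dp after the pullup. */
static int check_fixed(struct pkt *p, const uint8_t outer_dst[16]) {
    if (sim_pullup(p, ICMP6ERR_MINPKTLEN) == -1) return -1;
    const uint8_t *icmp6 = p->fin_dp;
    const struct ip6_sim *ip6 = (const struct ip6_sim *)(icmp6 + ICMPERR_ICMPHLEN);
    return memcmp(outer_dst, ip6->src, 16) != 0 ? FI_BAD : 0;
}

/* Build a constructed ICMPv6 error whose embedded IPv6 header carries inner_src. */
static struct pkt make_pkt(const uint8_t inner_src[16]) {
    struct pkt p = { .buf = calloc(1, ICMP6ERR_MINPKTLEN), .len = ICMP6ERR_MINPKTLEN };
    p.fin_dp = p.buf;
    memcpy(p.buf + ICMPERR_ICMPHLEN + offsetof(struct ip6_sim, src), inner_src, 16);
    return p;
}
static void free_pkt(struct pkt *p) { free(p->buf); free(p->old); }
```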