Subject: Re: NMBCLUSTERS again
To: None <6bone@6bone.informatik.uni-leipzig.de>
From: Darren Reed <darrenr@netbsd.org>
List: tech-net
Date: 10/27/2007 13:30:40
This is a multi-part message in MIME format.
--------------010902020108080205030502
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

If you're using IPFilter, the attached patch might help.

There are some situations where the mbuf that holds the packet
isn't the first mbuf in the chain, which can lead to the first mbuf
not being freed.

Darren


--------------010902020108080205030502
Content-Type: text/plain;
 name="ipf.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="ipf.patch"

Index: ip_fil_netbsd.c
===================================================================
RCS file: /devel/CVS/IP-Filter/ip_fil_netbsd.c,v
retrieving revision 2.55.2.55
diff -c -r2.55.2.55 ip_fil_netbsd.c
*** ip_fil_netbsd.c	27 Oct 2007 16:00:59 -0000	2.55.2.55
--- ip_fil_netbsd.c	27 Oct 2007 20:27:12 -0000
***************
*** 1077,1089 ****
  }
  
  
  int fr_fastroute(m0, mpp, fin, fdp)
  mb_t *m0, **mpp;
  fr_info_t *fin;
  frdest_t *fdp;
  {
  	register struct ip *ip, *mhip;
! 	register struct mbuf *m = m0;
  	register struct route *ro;
  	int len, off, error = 0, hlen, code;
  	struct ifnet *ifp, *sifp;
--- 1077,1093 ----
  }
  
  
+ /*
+  * m0 - pointer to mbuf where the IP packet starts
+  * mpp - pointer to the mbuf pointer that is the start of the mbuf chain
+  */
  int fr_fastroute(m0, mpp, fin, fdp)
  mb_t *m0, **mpp;
  fr_info_t *fin;
  frdest_t *fdp;
  {
  	register struct ip *ip, *mhip;
! 	register struct mbuf *m = *mpp;
  	register struct route *ro;
  	int len, off, error = 0, hlen, code;
  	struct ifnet *ifp, *sifp;
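Review bot: The new header comment on `fr_fastroute` names the two mbuf pointers but not the ownership contract, which is what this leak fix is about. I would extend it with something like `* On return *mpp is NULL if the chain was consumed (sent or freed) here; otherwise the caller still owns it.`, adjusted to whatever the rest of the function does. Since `m` now starts at `*mpp` instead of `m0`, any code further down that still reaches the IP header or packet length through `m` would read the chain head rather than the mbuf holding the packet. The body continues outside this hunk, so that needs checking against the full function. `*mpp` is also dereferenced in the initializer with no guard, so callers must never pass a NULL `mpp`.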
***************
*** 1215,1220 ****
--- 1219,1227 ----
  			ip->ip_sum = 0;
  			break;
  		case -1 :
+ 			FREE_MB_T(m);
+ 			*mpp = NULL;
+ 			m = NULL;
  			error = -1;
  			goto done;
  			break;
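Review bot: The added `FREE_MB_T(m)` in `case -1` is only correct because `m` was changed to the chain head earlier in this patch, and nothing at this site says so. A short comment such as `/* m is the head of the chain (*mpp): drop all of it and tell the caller it is gone */` would keep the free from being misread later or duplicated by a caller. Whether `FREE_MB_T` releases the whole chain or a single mbuf is not visible here. If it frees only one mbuf, the remainder of the chain would still leak on this path. The `done:` label is outside the hunk, so it should be confirmed that it tolerates `m == NULL`.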
***************
*** 1496,1504 ****
  		if ((error == 0) && (m0->m_pkthdr.len <= mtu)) {
  			*mpp = NULL;
  # if __NetBSD_Version__ >= 499001100
! 			error = nd6_output(ifp, ifp, m0, satocsin6(dst), rt);
  # else
! 			error = nd6_output(ifp, ifp, m0, dst6, rt);
  # endif
  		} else {
  			error = EMSGSIZE;
--- 1503,1511 ----
  		if ((error == 0) && (m0->m_pkthdr.len <= mtu)) {
  			*mpp = NULL;
  # if __NetBSD_Version__ >= 499001100
! 			error = nd6_output(ifp, ifp, *mpp, satocsin6(dst), rt);
  # else
! 			error = nd6_output(ifp, ifp, *mpp, dst6, rt);
  # endif
  		} else {
  			error = EMSGSIZE;
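Review bot: Both rewritten `nd6_output()` calls pass `*mpp` right after the unchanged `*mpp = NULL;` line, so they hand a NULL mbuf to the output routine instead of the packet. That would most likely cause a kernel NULL dereference, or at best the packet is never sent and the chain is leaked. The head needs to be saved before the pointer is cleared, e.g. `m = *mpp; *mpp = NULL;` followed by `error = nd6_output(ifp, ifp, m, satocsin6(dst), rt);`, and the same in the `# else` branch. The enclosing function's declarations are outside this hunk, so a suitable local may have to be added. The guard above still reads `m0->m_pkthdr.len`; if `m0` is not the chain head, as the patch description allows, that packet-header length may not be valid and should probably be read from the head as well.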

--------------010902020108080205030502--