From: Archie Cobbs
Message-Id: <200206072248.g57MmmE66619@arch20m.dellroad.org>
Subject: Re: m->m_pkthdr.header
In-Reply-To: <20020607172612.G42854-100000@sasami.jurai.net> "from Matthew N. Dodd at Jun 7, 2002 05:28:21 pm"
To: "Matthew N. Dodd"
Date: Fri, 7 Jun 2002 15:48:48 -0700 (PDT)
Cc: freebsd-net@FreeBSD.ORG

Matthew N. Dodd writes:
> > - Rejigger the oltr driver to pass its "secret" information using
> >   an auxiliary mbuf instead of m->m_pkthdr.header.
> >
> > Any comments/objections?
>
> Please look at the 'kluge' that NetBSD uses.
>
> netinet/if_arp.c:
> 	trh = (struct token_header *)M_TRHSTART(m);
>
> net/if_token.h:
> /*
>  * This is a kludge to get at the token ring mac header and the source route
>  * information after m_adj() has been used on the mbuf.
>  * Note that m is always an mbuf with a packet header.
>  */
> #define M_TRHSTART(m) \
> 	(ALIGN(((m)->m_flags & M_EXT ? (m)->m_ext.ext_buf : &(m)->m_pktdat[0]) \
> 	+ sizeof (struct token_header)) - sizeof(struct token_header))

Thanks for the reference. This kludge is only slightly better than
FreeBSD's kludge and either way it is the root of the problem.
It's simply not valid to rely on data m_adj'ed out of an mbuf always
being there. If somebody calls m_copypacket() or m_pullup(), you're
out of luck.

FYI, the *real* problem I'm trying to solve is that in_arpinput()
stomps all over its mbuf without first checking M_WRITABLE(m).
The patch below would work nicely except it breaks this token ring
hack. I'm tempted to just check it in and let the token ring people
fix their own bug instead of doing it for them.

-Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com --- /sys/netinet/if_ether.c Wed Dec 26 09:36:36 2001 +++ netinet/if_ether.c Fri Jun 7 15:43:30 2002 @@ -675,6 +675,15 @@ m_freem(m); return; } + + /* Ensure the mbuf is writable before stomping on it */ + if (!M_WRITABLE(m)) { + if ((m = m_pullup(m, sizeof(struct ether_arp))) == NULL) + return; + ea = mtod(m, struct ether_arp *); + } + + /* Check the target IP address */ if (itaddr.s_addr == myaddr.s_addr) { /* I am the target */ (void)memcpy(ea->arp_tha, ea->arp_sha, sizeof(ea->arp_sha)); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
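
Review bot: in the added if (!M_WRITABLE(m)) block, only ea is re-derived after m_pullup() replaces m; any other pointer into the old mbuf data taken earlier in in_arpinput() (outside this hunk) would be left stale, so it is worth confirming that ea is the only one, or re-deriving the others here as well. The comment could also say that m_pullup() is called to get a private copy of the first sizeof(struct ether_arp) bytes, since a reader may otherwise take it for a contiguity check. The bare return on failure is correct because m_pullup() frees the chain when it fails, but a short comment saying so would keep it from looking like a leak next to the m_freem(m); return; just above.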
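
The two failure modes discussed in the message, shown on a toy model as an added example (not code from the original message or from FreeBSD). All toy_* names are hypothetical stand-ins for the mbuf routines named in the comments, and the byte values are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Toy model, not kernel code: storage that several packet headers may share. */
struct toy_ext  { unsigned char buf[32]; int refcnt; };
struct toy_mbuf { struct toy_ext *ext; size_t off, len; };

static struct toy_mbuf toy_new(unsigned char fill) {
    struct toy_mbuf m = { calloc(1, sizeof(struct toy_ext)), 0, 8 };
    if (m.ext == NULL) abort();
    memset(m.ext->buf, fill, m.len);
    m.ext->refcnt = 1;
    return m;
}
static void toy_free(struct toy_mbuf *m) { if (--m->ext->refcnt == 0) free(m->ext); }
/* Analogue of M_WRITABLE(): only a sole owner may modify the storage. */
static int toy_writable(const struct toy_mbuf *m) { return m->ext->refcnt == 1; }
/* Analogue of m_copypacket(): a second header over the same storage. */
static struct toy_mbuf toy_share(struct toy_mbuf *m) { m->ext->refcnt++; return *m; }
/* Analogue of m_adj(): trim n leading bytes by advancing the data offset. */
static void toy_adj(struct toy_mbuf *m, size_t n) { m->off += n; m->len -= n; }
/* Pullup-style private copy: only the live bytes move to the new storage. */
static void toy_make_private(struct toy_mbuf *m) {
    struct toy_mbuf n = toy_new(0);
    memcpy(n.ext->buf, m->ext->buf + m->off, m->len);
    n.len = m->len;
    toy_free(m);                 /* drop our reference to the shared storage */
    *m = n;
}

/* Returns the first byte the other holder sees after our in-place rewrite. */
static unsigned char other_holder_sees(int check_writable) {
    struct toy_mbuf a = toy_new(0xAA), b = toy_share(&a);
    if (check_writable && !toy_writable(&a))
        toy_make_private(&a);
    a.ext->buf[a.off] = 0x55;    /* the in-place "stomp" */
    unsigned char seen = b.ext->buf[b.off];
    toy_free(&a); toy_free(&b);
    return seen;
}

/* Returns 1 if a header trimmed by toy_adj() is still readable after a copy. */
static int trimmed_header_survives_copy(void) {
    struct toy_mbuf a = toy_new(0x10), b = toy_share(&a);
    toy_adj(&a, 2);              /* "strip" a 2-byte link header */
    toy_make_private(&a);
    int ok = a.off >= 2 && a.ext->buf[a.off - 2] == 0x10;
    toy_free(&a); toy_free(&b);
    return ok;
}
```

Without the writability check the second holder's data changes under it; with the check it does not, but the private copy no longer has the trimmed header in front of the data, which is the assumption the token ring hack relies on.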