Date:      Wed, 5 Jul 1995 22:43:22 PDT
From:      Bill Fenner <fenner@parc.xerox.com>
To:        bugs@freebsd.org
Subject:   ipfw 'reject' panics the system
Message-ID:  <95Jul5.224325pdt.49860@crevenia.parc.xerox.com>

I took a glance at the firewall stuff when Michael Butler posted his most
recent message saying that using the firewall reject code will panic the
machine when a rejected packet comes in.  It turns out that the firewall
code uses dtom(ip) on a rejected packet, but it's entirely possible that
the packet is in a cluster mbuf, on which dtom() doesn't work.  I fixed
the code to pass the original mbuf along with the ip pointer, and Michael
said his panics went away.

Can someone (review and) commit these diffs?

Thanks,

  Bill

*** ip_input.c.orig	Thu Jul  6 00:55:40 1995
--- ip_input.c	Thu Jul  6 00:56:19 1995
***************
*** 242,248 ****
   	 */
  
          if (ip_fw_chk_ptr!=NULL)
!                if (!(*ip_fw_chk_ptr)(ip,m->m_pkthdr.rcvif,ip_fw_chain) ) {
                         goto bad;
                 }
  
--- 242,248 ----
   	 */
  
          if (ip_fw_chk_ptr!=NULL)
!                if (!(*ip_fw_chk_ptr)(m,ip,m->m_pkthdr.rcvif,ip_fw_chain) ) {
                         goto bad;
                 }
  
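Review bot: Ownership of `m` on the reject path is not stated at this call site: the caller still does `goto bad` when `ip_fw_chk_ptr` returns 0. If the `bad:` label frees `m` while the reject branch in ip_fw_chk() has already freed it or handed it to the ICMP reply, the mbuf would be released twice. Neither `bad:` nor the reject branch is visible in these hunks, so this needs checking against the full ip_input() and ip_fw_chk() bodies. A comment at the call would also keep the fix from being undone later, e.g. `/* pass m itself: dtom(ip) is not valid when the header is in a cluster mbuf */`.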
*** ip_fw.c.orig	Wed Jul  5 17:47:06 1995
--- ip_fw.c	Wed Jul  5 17:47:38 1995
***************
*** 104,110 ****
  
  #ifdef IPFIREWALL
  int 
! ip_fw_chk(ip, rif, chain)
  	struct ip *ip;
  	struct ifnet *rif;
  	struct ip_fw *chain;
--- 104,111 ----
  
  #ifdef IPFIREWALL
  int 
! ip_fw_chk(m, ip, rif, chain)
! 	struct mbuf *m;
  	struct ip *ip;
  	struct ifnet *rif;
  	struct ip_fw *chain;
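Review bot: The new `m` argument of ip_fw_chk() has no documented contract: nothing says that `m` must be the mbuf holding the header `ip` points to, or whether the function may consume it. A short comment above the definition stating both would help, for example `/* m: mbuf containing ip; used only on the reject path */` (confirm the second half against the body, which continues outside this hunk). Because the definition is old-style (K&R), the compiler checks callers only against the prototype in ip_fw.h, so the header hunks of this patch have to land together with this one.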
***************
*** 115,121 ****
  	struct icmp *icmp = (struct icmp *) ((u_long *) ip + ip->ip_hl);
  	struct ifaddr *ia = NULL, *ia_p;
  	struct in_addr src, dst, ia_i;
- 	struct mbuf *m;
  	u_short src_port = 0, dst_port = 0;
  	u_short f_prt = 0, prt;
  	char notcpsyn = 1;
--- 116,121 ----
***************
*** 302,308 ****
  		return TRUE;
  
  bad_packet:
- 	m = dtom(ip);
  	if (f != NULL) {
  		/*
  		 * Do not ICMP reply to icmp packets....:) or to packets
--- 302,307 ----
*** ip_fw.h.orig	Wed Jul  5 17:47:11 1995
--- ip_fw.h	Wed Jul  5 17:48:03 1995
***************
*** 126,132 ****
  /*
   * Function pointers.
   */
! extern int (*ip_fw_chk_ptr)(struct ip *,struct ifnet *,struct ip_fw *);
  extern int (*ip_fw_ctl_ptr)(int,struct mbuf *);
  
  extern void (*ip_acct_cnt_ptr)(struct ip *,struct ifnet *,struct ip_fw 
*,int);
--- 126,132 ----
  /*
   * Function pointers.
   */
! extern int (*ip_fw_chk_ptr)(struct mbuf *,struct ip *,struct ifnet *,struct 
ip_fw *);
  extern int (*ip_fw_ctl_ptr)(int,struct mbuf *);
  
  extern void (*ip_acct_cnt_ptr)(struct ip *,struct ifnet *,struct ip_fw 
*,int);
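Review bot: The four-argument signature is now written out twice in this header, once for `ip_fw_chk_ptr` here and once for the `ip_fw_chk` prototype in the next hunk, and the two can drift apart on the next change. A shared typedef would keep them in step, e.g. `typedef int ip_fw_chk_t(struct mbuf *, struct ip *, struct ifnet *, struct ip_fw *);` with `extern ip_fw_chk_t *ip_fw_chk_ptr;`. Any other code that calls through `ip_fw_chk_ptr` or installs a hook (none is visible in this patch besides ip_input.c) must be updated and rebuilt in the same change, since a separately built object using the old three-argument call would pass `ip` where `m` is expected. Note also that the mailer wrapped the `ip_fw_chk_ptr` and `ip_acct_cnt_ptr` lines, so they need rejoining before the patch will apply.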
***************
*** 135,141 ****
  /*
   * Function definitions.
   */
! int ip_fw_chk(struct ip *,struct ifnet *,struct ip_fw *);
  int ip_fw_ctl(int,struct mbuf *);
  
  void ip_acct_cnt(struct ip *,struct ifnet *,struct ip_fw *,int);
--- 135,141 ----
  /*
   * Function definitions.
   */
! int ip_fw_chk(struct mbuf *,struct ip *,struct ifnet *,struct ip_fw *);
  int ip_fw_ctl(int,struct mbuf *);
  
  void ip_acct_cnt(struct ip *,struct ifnet *,struct ip_fw *,int);



