Resolving FreeBSD MAC Framework and IPSEC conflict

zhouyi zhou zhouyi04 at ios.cn
Tue Mar 21 03:39:25 UTC 2006


Hi everyone, FreeBSD releases 5.4 to 6.0 have serious bugs
when IPSEC and MAC are configured together (the system will crash).

The reason is as follows:
277 m_move_pkthdr(struct mbuf *to, struct mbuf *from)
278 {
279 
280 #if 0
281         /* see below for why these are not enabled */
282         M_ASSERTPKTHDR(to);
283         /* Note: with MAC, this may not be a good assertion. */
284         KASSERT(SLIST_EMPTY(&to->m_pkthdr.tags),
285             ("m_move_pkthdr: to has tags"));
286 #endif
287 #ifdef MAC
288         /*
289          * XXXMAC: It could be this should also occur for non-MAC?
290          */
291         if (to->m_flags & M_PKTHDR)
292                 m_tag_delete_chain(to, NULL);
293 #endif
294         to->m_flags = (from->m_flags & M_COPYFLAGS) | (to->m_flags & M_EXT);
295         if ((to->m_flags & M_EXT) == 0)
296                 to->m_data = to->m_pktdat;
297         to->m_pkthdr = from->m_pkthdr;          /* especially tags */
298         SLIST_INIT(&from->m_pkthdr.tags);       /* purge tags from src */
299         from->m_flags &= ~M_PKTHDR;
300 }

What if, on line 292, the mbufs to and from point to the same tag list?

The methods to resolve this:
1. Simply comment out line 292
2. Compare whether the mbufs to and from point to the same tag list


Sincerely yours
Zhouyi Zhou
Ma Yong
Wu Xinsong
Institute of Software
Chinese Academy of Sciences
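
Added example, not part of the original message or of the FreeBSD source: a user-space C model of lines 291-299 that shows what the question about line 292 implies when both mbufs share one tag list, and how option 2 (comparing the tag list heads) behaves. The struct layouts, function names and the `guard` parameter are hypothetical simplifications, and tags are marked as released rather than actually freed so the result can be inspected.

```c
/* Simplified user-space model of the tag handling; not FreeBSD kernel code. */
#include <stddef.h>

struct tag    { struct tag *next; int freed; };  /* stand-in for struct m_tag */
struct pkthdr { struct tag *tags; };             /* tag list head only */
struct mbuf   { int has_pkthdr; struct pkthdr hdr; };

/* Stand-in for m_tag_delete_chain(to, NULL): marks tags released instead of
 * calling free(), so the outcome can be checked without undefined behaviour. */
static void tag_delete_chain(struct mbuf *m)
{
    for (struct tag *t = m->hdr.tags; t != NULL; t = t->next)
        t->freed = 1;
    m->hdr.tags = NULL;
}

/* Models lines 291-299. guard != 0 applies option 2: skip the delete when
 * both packet headers point at the same tag list. */
static void move_pkthdr(struct mbuf *to, struct mbuf *from, int guard)
{
    if (to->has_pkthdr && !(guard && to->hdr.tags == from->hdr.tags))
        tag_delete_chain(to);  /* line 292 */
    to->hdr = from->hdr;       /* line 297: copies the list head */
    to->has_pkthdr = 1;
    from->hdr.tags = NULL;     /* line 298: SLIST_INIT on the source */
    from->has_pkthdr = 0;      /* line 299 */
}

/* Constructed case: both mbufs share a two-tag chain. Returns the number of
 * released tags still reachable from 'to' after the move. */
static int shared_list_dangling(int guard)
{
    struct tag t2 = { NULL, 0 }, t1 = { &t2, 0 };
    struct mbuf from = { 1, { &t1 } }, to = { 1, { &t1 } };
    int n = 0;
    move_pkthdr(&to, &from, guard);
    for (struct tag *t = to.hdr.tags; t != NULL; t = t->next)
        n += t->freed;
    return n;
}

/* Constructed case: 'to' owns its own tag, which must still be released. */
static int distinct_list_ok(int guard)
{
    struct tag old = { NULL, 0 }, fresh = { NULL, 0 };
    struct mbuf from = { 1, { &fresh } }, to = { 1, { &old } };
    move_pkthdr(&to, &from, guard);
    return old.freed && !fresh.freed && to.hdr.tags == &fresh;
}

int main(void) { return shared_list_dangling(1) == 0 && distinct_list_ok(1) ? 0 : 1; }
```

In the model, the unguarded path leaves `to` holding a list head whose tags were already released, while the guarded path keeps the shared list intact and still releases a separate list owned by `to`.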

