ip_fastforward() sanity check..
James
haesu at towardex.com
Sat Nov 6 02:25:42 PST 2004
I seem to have a little concern in one specific early-sanity check in the
ip_fastforward() function of the latest 5.3 code base:
/*
* Is first mbuf large enough for ip header and is header present?
*/
if (m->m_len < sizeof (struct ip) &&
(m = m_pullup(m, sizeof (struct ip))) == 0) {
ipstat.ips_toosmall++;
goto drop;
}
Okay, if m_pullup() returns 0 due to failure, it already called m_freem(m) by
itself. But we have "goto drop;" after that, which is redundant, no?
I don't think this is a bit of issue in IPv4 implementation, but as obviously,
in IPv6 implementation, if calling 'goto drop' or redundant m_freem(m) in case
where m_pullup returns NULL/0, it may crash the kernel rock hard at
m_tag_delete_chain in uipc_mbuf.c (even if you are checking 'if (m) m_freem(m)'
as remains are left over)
If any one has any comments, please let me know. If this is not a concern
please disregard my rant and excuse me for waste of time :)
Thanks,
-J
--
James Jun TowardEX Technologies, Inc.
Technical Lead IPv4 and Native IPv6 Colocation, Bandwidth,
james at towardex.com and Web Hosting Services in the Metro Boston area
cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
More information about the freebsd-net
mailing list