NAT Taversal bug in kernel patch ?

[ashoke saha]

Hi ,

just joined the mailibng list.  I was implementing 
NAT traversal based on the patch and my kernel was
panicking because of wrong ipsec config, which it
should not whatever be the config.

Looks like there is a small issue in the code
http://ipsec-tools.sourceforge.net/freebsd6-natt.diff 
which might already be fixed.

Look at the call of the function 
udp4_espinudp () in udp append. Now under certain
circumstances it is possible that udp4_espinudp ()
calls m_pullup() and it would add a new pkt header to
the mbuf chain. But udp_append() is still holding the
old head, whose PKTHDR flag is now off. It then sends
the pkt further up and kernel does as panic as it does
not see PKTHDR flag.

ashoke.




__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com