kern/52935: occasional panic in ip_input with IPSEC
David Hedley
david at bill.inty.net
Wed Jun 4 06:40:14 PDT 2003
>Number: 52935
>Category: kern
>Synopsis: occasional panic in ip_input with IPSEC
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 04 06:40:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: David Hedley
>Release: FreeBSD 4.7-RELEASE i386
>Organization:
Inty Ltd
>Environment:
>Description:
We are seeing occasional kernel panics when using IPSEC. The panic occurs in ip_input at the following line:
* be handled via ip_forward() and ether_output() with the loopback
* into the stack for SIMPLEX interfaces handled by ether_output().
*/
if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { <<<<< Panic here
TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
if (ifa->ifa_addr->sa_family != AF_INET)
continue;
ia = ifatoia(ifa);
It seems that m_pkthdr.rcvif is NULL and hence the resulting deference is invalid.
>How-To-Repeat:
>Fix:
Ensure rcvif is not NULL before deferencing it:
* be handled via ip_forward() and ether_output() with the loopback
* into the stack for SIMPLEX interfaces handled by ether_output().
*/
if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {
TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
if (ifa->ifa_addr->sa_family != AF_INET)
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list