kern/61215: off-by-one error likely in ip_fragment()
andre at freebsd.org
Thu Jan 15 12:13:56 PST 2004
David Gilbert wrote:
> >>>>> "Andre" == Andre Oppermann <andre at freebsd.org> writes:
> Andre> David, the problem with if_gre is actually twofold:
> Andre> - the change of htons(m->m_pkthdr.len) in the last commit to
> Andre> that file is incorrect. In FreeBSD this is done in ip_output
> Andre> for all packets sent (unless RAW).
> Andre> - The struct ip which is contained in struct gh is not
> Andre> correctly initialized. For some reason this didn't matter until
> Andre> now. It seems M_PREPEND may return non-zeroed memory.
> Andre> There is no problem in either ip_fragment() or m_copym() (and
> Andre> the 'fix' I posted is bogus, however some of those KASSERTs are
> Andre> highly bogus too and misleading).
> Andre> Please try the attached patch. I was able to get correct GRE
> Andre> packets with that patch (as seen by ethereal).
> Andre> I'm not sure if it is better to do a bzero() on the entire
> Andre> struct gh to have all ip header values set to zero for sure.
> Andre> There are still some that are uninitialized.
> I'm not sure what's up. Your patch wouldn't apply to v1.17 of my
> if_gre.c, so something's wrong with the patch. Regardless, I applied
> the patch by hand and things didn't work yet.
Didn't it apply because of patch complaining or because it didn't
match at all?
> The kernel didn't crash, but packets routed into the tunnel didn't
> show up on the outbound interface. In my case, the machine has three
> ethernet-like interfaces and the gre.
> wi0 and sis0 are internal networks. dc0 is the external network
> interface. A /32 route for the far end of the tunnel exists (and
> works on the new kernel ... it pings), but pings into the tunnel don't
> generate traffic on dc0 (at least according to tcpdump).
Do you enable "link1" on your GRE interface?
What does ifconfig -a show?
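
The uninitialized-header issue raised in the quoted text above, as an added example that is not part of the original thread and not FreeBSD code: a userland simulation of a header placed into reused storage, comparing setting only some fields with clearing the whole header first. The struct `outer_hdr`, the helper names, the `STALE` marker and the addresses are all hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker for leftover bytes in reused storage */

/* Hypothetical, simplified outer header: 20 bytes, no padding.
 * Not FreeBSD's struct ip or the gh structure from if_gre. */
struct outer_hdr {
    uint8_t  ver_hl, tos;
    uint16_t len, id, off;
    uint8_t  ttl, proto;
    uint16_t sum;
    uint32_t src, dst;
};

/* Sets only a few fields, the way an encapsulation routine might.
 * With zero_first set, the whole header is cleared before use. */
static void fill_header(struct outer_hdr *h, int zero_first)
{
    if (zero_first)
        memset(h, 0, sizeof(*h));
    h->ver_hl = 0x45;
    h->ttl    = 64;
    h->proto  = 47;             /* GRE */
    h->src    = 0xC0000201u;    /* 192.0.2.1, constructed */
    h->dst    = 0xC6336402u;    /* 198.51.100.2, constructed */
}

/* Returns how many header bytes still hold whatever was in the storage
 * before the header was placed there. */
static size_t stale_bytes(int zero_first)
{
    struct outer_hdr h;
    const uint8_t *p = (const uint8_t *)&h;
    size_t i, n = 0;

    memset(&h, STALE, sizeof(h));   /* simulate prepend into reused memory */
    fill_header(&h, zero_first);
    for (i = 0; i < sizeof(h); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    printf("fields only: %zu stale bytes\n", stale_bytes(0));
    printf("zero first:  %zu stale bytes\n", stale_bytes(1));
    return 0;
}
```

Any field the encapsulation code does not assign goes out on the wire with leftover memory contents unless the header is zeroed first.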