svn commit: r263091 - in head/sys: netinet netinet6

Gleb Smirnoff glebius at FreeBSD.org
Thu Mar 13 03:14:28 UTC 2014


On Thu, Mar 13, 2014 at 01:09:15AM +0400, Andrey Chernov wrote:
A> On 12.03.2014 18:29, Gleb Smirnoff wrote:
A> > --- head/sys/netinet/ip_input.c	Wed Mar 12 12:27:13 2014	(r263090)
A> > +++ head/sys/netinet/ip_input.c	Wed Mar 12 14:29:08 2014	(r263091)
A> > @@ -794,6 +795,8 @@ SYSCTL_PROC(_net_inet_ip, OID_AUTO, maxf
A> >      NULL, 0, sysctl_maxnipq, "I",
A> >      "Maximum number of IPv4 fragment reassembly queue entries");
A> >  
A> > +#define	M_IP_FRAG	M_PROTO9
A> > +
A> >  /*
A> >   * Take incoming datagram fragment and try to reassemble it into
A> >   * whole datagram.  If the argument is the first fragment or one
A> > 
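Review bot: M_IP_FRAG is defined as M_PROTO9 with no comment in the added lines, and it lives in ip_input.c rather than in the shared list in in6.h, which in this same commit ends at M_PROTO8. Anyone extending that list will reach for M_PROTO9 without seeing this use. Add a comment on the define stating where the flag is set and tested and why M_PROTO9 was chosen, or record the reservation next to the list in in6.h.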
A> > Modified: head/sys/netinet6/in6.h
A> > ==============================================================================
A> > --- head/sys/netinet6/in6.h	Wed Mar 12 12:27:13 2014	(r263090)
A> > +++ head/sys/netinet6/in6.h	Wed Mar 12 14:29:08 2014	(r263091)
A> > @@ -622,13 +622,18 @@ struct ip6_mtuinfo {
A> >  #endif /* __BSD_VISIBLE */
A> >  
A> >  /*
A> > - * Redefinition of mbuf flags
A> > + * Since both netinet/ and netinet6/ call into netipsec/ and netpfil/,
A> > + * the protocol specific mbuf flags are shared between them.
A> >   */
A> > -#define	M_AUTHIPHDR	M_PROTO2
A> > -#define	M_DECRYPTED	M_PROTO3
A> > -#define	M_LOOP		M_PROTO4
A> > -#define	M_AUTHIPDGM	M_PROTO5
A> > -#define	M_RTALERT_MLD	M_PROTO6
A> > +#define	M_FASTFWD_OURS		M_PROTO1	/* changed dst to local */
A> > +#define	M_IP6_NEXTHOP		M_PROTO2	/* explicit ip nexthop */
A> > +#define	M_IP_NEXTHOP		M_PROTO2	/* explicit ip nexthop */
A> > +#define	M_SKIP_FIREWALL		M_PROTO3	/* skip firewall processing */
A> > +#define	M_AUTHIPHDR		M_PROTO4
A> > +#define	M_DECRYPTED		M_PROTO5
A> > +#define	M_LOOP			M_PROTO6
A> > +#define	M_AUTHIPDGM		M_PROTO7
A> > +#define	M_RTALERT_MLD		M_PROTO8
A> >  
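Review bot: M_IP6_NEXTHOP and M_IP_NEXTHOP are both defined as M_PROTO2 and carry the identical comment "explicit ip nexthop", so a reader cannot tell whether sharing the bit is intended. If the alias is deliberate, say so in the block comment or define one name in terms of the other. The five renumbered flags, M_AUTHIPHDR through M_RTALERT_MLD, still have no per-flag comment, unlike the four lines added above them, and the block comment could note that M_PROTO8 is the last value used in this header so the next addition gets checked against users outside it.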
A> 
A> Next time someone adds a new mbuf flag to in6.h, it will be M_PROTO9 and
A> the situation will repeat itself, since you left M_PROTO9 in ip_input.c

Not true probably. The ip fragment reassembly code is a dead end of the
stack. Once mbufs reach the reassembly queue, they won't go anywhere
else. So a clash there should be safe.

Notice that before my commit M_IP_FRAG was clashing with M_LOOP and
we didn't have any bug reports on that.

I've put the non-clashing value there just being overcautious and not
having enough time to analyze and test the reassembly. I also put an
XXX comment, it seems to me that resulting (reassembled mbuf) might
inherit flags from the first fragment, and I am not absolutely sure
it is correct.

-- 
Totus tuus, Glebius.

