On Tue, Oct 18, 2005 at 11:01:40AM +1300, Ian McDonald wrote:
> [<c01034ee>] dump_stack+0x1e/0x30
> [<c0319c25>] ip_options_echo+0x45/0x360
> [<c033a866>] icmp_send+0x106/0x3d0
> [<c0315a8c>] ipv4_link_failure+0x2c/0x60
> [<c0338a97>] arp_error_report+0x57/0x60
> [<c0305c5a>] neigh_timer_handler+0xba/0x250
>
> OK above is the stack trace. Can see that it is failing to get an ARP
> response which makes sense since we are sending to a non-existent
> machine...

Thanks. Turns out the problem has nothing to do with use-after-free
or double-free. It's just that we're not clearing the CB area and
DCCP, unlike TCP, uses a CB format that's incompatible with IP.

Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

diff --git a/net/dccp/output.c b/net/dccp/output.c
--- a/net/dccp/output.c
+++ b/net/dccp/output.c
@@ -102,6 +102,7 @@ int dccp_transmit_skb(struct sock *sk, s
DCCP_INC_STATS(DCCP_MIB_OUTSEGS);
+ memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
err = ip_queue_xmit(skb, 0);
if (err <= 0)
return err;
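
Review bot: the added memset() ahead of ip_queue_xmit() carries no comment saying why the IP options in the control block have to be zeroed at this point. A one-line comment noting that DCCP's CB format overlaps what IPCB(skb)->opt reads, so leftover DCCP data would otherwise be interpreted as IP options, would stop someone later removing the line as redundant. The clear also only covers skbs that pass through dccp_transmit_skb(); any other DCCP path that hands an skb to the IP layer is not visible in this hunk and should be checked for the same need. Minor style point: the outer parentheses in &(IPCB(skb)->opt) are unnecessary.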