IP Filter bug report form.
--------------------------
IP Filter Version: 4.1.6
Operating System Version: Solaris 10 x86
Configuration: LKM

Description of problem:

Using traceroute to a Solaris 10 x86 host with an empty
ruleset hangs / panics.

How to repeat:

Install IP Filter.  Set up ipf.conf so it simply passes all.
Run traceroute to this system from another system and watch
this system hang / panic (pressing return a couple of times
on the console displays junk prior to the hang ... as if the
stream buffer is getting trashed).  The enclosed * lightly tested *
patch to ip_fil_solaris.c (when used with the pfil patch) fixes
the problem.

*** ip_fil_solaris.c.ORIGINAL   Sat Jan  8 11:55:56 2005
--- ip_fil_solaris.c    Mon Feb 28 19:23:34 2005
*************** int len;
*** 1387,1437 ****
                dpoff = 0;
  
        if (M_LEN(m) < len) {
-               int inc = 0;
  
!               if (ipoff > 0) {
!                       if ((ipoff & 3) != 0) {
!                               inc = 4 - (ipoff & 3);
!                               if (m->b_rptr - inc >= m->b_datap->db_base)
!                                       m->b_rptr -= inc;
!                               else
!                                       inc = 0;
!                       }
!               }
!               m = msgpullup(min, len + ipoff + inc);
!               if (m == NULL) {
                        ATOMIC_INCL(frstats[out].fr_pull[1]);
                        FREE_MB_T(*fin->fin_mp);
                        *fin->fin_mp = NULL;
                        fin->fin_m = NULL;
                        return NULL;
                }
  
-               /*
-                * Because msgpullup allocates a new mblk, we need to delink
-                * (and free) the old one and link on the new one.
-                */
-               if (min == *fin->fin_mp) {      /* easy case 1st */
-                       FREE_MB_T(*fin->fin_mp);
-                       *fin->fin_mp = m;
-               } else {
-                       mb_t *m2;
- 
-                       for (m2 = *fin->fin_mp; m2 != NULL; m2 = m2->b_next)
-                               if (m2->b_next == min)
-                                       break;
-                       if (m2 == NULL) {
-                               ATOMIC_INCL(frstats[out].fr_pull[1]);
-                               FREE_MB_T(*fin->fin_mp);
-                               FREE_MB_T(m);
-                               return NULL;
-                       }
-                       FREE_MB_T(min);
-                       m2->b_next = m;
-               }
- 
                fin->fin_m = m;
-               m->b_rptr += inc;
                ip = MTOD(m, char *) + ipoff;
                qpi->qpi_data = ip;
        }
--- 1387,1411 ----
                dpoff = 0;
  
        if (M_LEN(m) < len) {
  
!               /*
!                * pfil_precheck ensures the IP header is on a 32bit
!                * aligned address so simply fail if that isn't currently
!                * the case (should never happen).
!                */
!               if ((ipoff & 3) != 0
!                   || ! pullupmsg (m, len + ipoff)) {
                        ATOMIC_INCL(frstats[out].fr_pull[1]);
                        FREE_MB_T(*fin->fin_mp);
                        *fin->fin_mp = NULL;
                        fin->fin_m = NULL;
+                       fin->fin_ip = NULL;
+                       fin->fin_dp = NULL;
+                       qpi->qpi_data = NULL;
                        return NULL;
                }
  
                fin->fin_m = m;
                ip = MTOD(m, char *) + ipoff;
                qpi->qpi_data = ip;
        }
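Review bot: On the drop path behind the `(ipoff & 3) != 0 || ! pullupmsg (m, len + ipoff)` test, a misaligned IP header and a failed pull-up are both charged to `frstats[out].fr_pull[1]`, so the case the new comment says "should never happen" is indistinguishable in the statistics from an ordinary allocation failure. Because the alignment test checks an invariant that pfil_precheck is supposed to guarantee rather than a transient resource shortage, it is worth testing it separately before calling pullupmsg and counting or logging it on its own (a debug-only message giving ipoff would do) before joining the shared drop path, so that a silently violated precondition becomes visible instead of just inflating the pull-up failure counter. The enclosing function starts and ends outside the hunk, so whether ipoff can legitimately be non-aligned on some entry path cannot be confirmed from here.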
-------------------------------------------------------------------------
|   Feith Systems  |   Voice: 1-215-646-8000  |  Email: [EMAIL PROTECTED]  |
|    John Wehle    |     Fax: 1-215-540-5495  |                         |
-------------------------------------------------------------------------
