: 1364: ip_freef(struct ipq *fp)
: 1365: {
: 1366: struct mbuf *q;
: 1367:
: 1368: while (fp->ipq_frags) {
: 1369: q = fp->ipq_frags;
: 1370: fp->ipq_frags = q->m_nextpkt;
:+ q->m_nextpkt = NULL;
: 1371: m_freem(q);
: 1372: }
: 1373: remque(fp);
: 1374: mpipe_free(&ipq_mpipe, fp);
: 1375: nipq--;
: 1376: }
:
:m_freem() frees an mbuf chain. It calls m_free() to free each mbuf.
:So, I think q->m_nextpkt should be cleared before calling m_freem().
:If we add the line indicated by the '+' sign above, I think this
:problem will be fixed.
:
:I will try this modificatioin on Thursday.
:
:Regards,
:Noritoshi Demizu
That looks right. Nice catch guys! Go ahead and commit any time.
-Matt
Matthew Dillon
<[EMAIL PROTECTED]>
