Another discovered-by-prolonged-use bug involves IPv6 and IPsec.
Specifically, the ip_get_dst_v6() function makes the (faulty) assumption
about packets being single-mblk.
Here's a fix:
http://cr.opensolaris.org/~danmcd/6799166/
which has survived two IKE-STC runs w/o leaks or panics. It needs some
additional testing (specifically for the use case which FOUND the bug
initially).
It also has one XXX KEBE comment/question that needs answering, about how to
log or otherwise note a bad input packet. I'd appreciate any inputs on
answering this question.
Thanks!
Dan
_______________________________________________
networking-discuss mailing list
[email protected]
