On Thu, Mar 13, 2014 at 01:09:15AM +0400, Andrey Chernov wrote:
A> On 12.03.2014 18:29, Gleb Smirnoff wrote:
A> > --- head/sys/netinet/ip_input.c    Wed Mar 12 12:27:13 2014        
(r263090)
A> > +++ head/sys/netinet/ip_input.c    Wed Mar 12 14:29:08 2014        
(r263091)
A> > @@ -794,6 +795,8 @@ SYSCTL_PROC(_net_inet_ip, OID_AUTO, maxf
A> >      NULL, 0, sysctl_maxnipq, "I",
A> >      "Maximum number of IPv4 fragment reassembly queue entries");
A> >  
A> > +#define   M_IP_FRAG       M_PROTO9
A> > +
A> >  /*
A> >   * Take incoming datagram fragment and try to reassemble it into
A> >   * whole datagram.  If the argument is the first fragment or one
A> > 
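Review bot: The added define of M_IP_FRAG as M_PROTO9 has no comment saying what the flag marks or why it may live apart from the other protocol flags, and it sits in ip_input.c rather than with the shared M_PROTO assignments in in6.h. Either move it next to those defines or add a comment at both places recording that M_PROTO9 is taken, so the next flag appended to the shared list does not silently reuse the bit.
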
A> > Modified: head/sys/netinet6/in6.h
A> > 
==============================================================================
A> > --- head/sys/netinet6/in6.h        Wed Mar 12 12:27:13 2014        
(r263090)
A> > +++ head/sys/netinet6/in6.h        Wed Mar 12 14:29:08 2014        
(r263091)
A> > @@ -622,13 +622,18 @@ struct ip6_mtuinfo {
A> >  #endif /* __BSD_VISIBLE */
A> >  
A> >  /*
A> > - * Redefinition of mbuf flags
A> > + * Since both netinet/ and netinet6/ call into netipsec/ and netpfil/,
A> > + * the protocol specific mbuf flags are shared between them.
A> >   */
A> > -#define   M_AUTHIPHDR     M_PROTO2
A> > -#define   M_DECRYPTED     M_PROTO3
A> > -#define   M_LOOP          M_PROTO4
A> > -#define   M_AUTHIPDGM     M_PROTO5
A> > -#define   M_RTALERT_MLD   M_PROTO6
A> > +#define   M_FASTFWD_OURS          M_PROTO1        /* changed dst to local 
*/
A> > +#define   M_IP6_NEXTHOP           M_PROTO2        /* explicit ip nexthop 
*/
A> > +#define   M_IP_NEXTHOP            M_PROTO2        /* explicit ip nexthop 
*/
A> > +#define   M_SKIP_FIREWALL         M_PROTO3        /* skip firewall 
processing */
A> > +#define   M_AUTHIPHDR             M_PROTO4
A> > +#define   M_DECRYPTED             M_PROTO5
A> > +#define   M_LOOP                  M_PROTO6
A> > +#define   M_AUTHIPDGM             M_PROTO7
A> > +#define   M_RTALERT_MLD           M_PROTO8
A> >  
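
Review bot: In the new define block, M_IP6_NEXTHOP and M_IP_NEXTHOP are both assigned M_PROTO2 with the same comment; if the alias is deliberate (one flag per address family, never set on the same mbuf), the comment should say so, otherwise one of them needs its own bit. The renumbered M_AUTHIPHDR through M_RTALERT_MLD still carry no comments while the three new flags do, and the list stops at M_PROTO8 without noting which remaining M_PROTO bits are free or already claimed elsewhere.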
A> 
A> Next time someone adds a new mbuf flag to in6.h, it will be M_PROTO9 and
A> the situation will repeat itself, since you left M_PROTO9 in ip_input.c

Not true probably. The ip fragment reassembly code is a dead end of the
stack. Once mbufs reach the reassembly queue, they won't go anywhere
else. So a clash there should be safe.

Notice that before my commit M_IP_FRAG was clashing with M_LOOP and
we didn't have any bug reports on that.

I've put the non-clashing value there just being overcautious and not
having enough time to analyze and test the reassembly. I also put an
XXX comment, it seems to me that resulting (reassembled mbuf) might
inherit flags from the first fragment, and I am not absolutely sure
it is correct.

-- 
Totus tuus, Glebius.