
Thread: something strange with mbuf length...




2006-04-22 13:36:10
"Steven M. Bellovin" <smbcs.columbia.edu> writes:

> On Sat, 22 Apr 2006 13:13:19 +0100, Rui Paulo <rpaulofnop.net> wrote:
>
>> "Konstantin KABASSANOV" <Konstantin.Kabassanovlip6.fr> writes:
>>
>> > I do use ipfilter.
>>
>> Since you and Steve both use ipfilter, can this be the problem?
>>
> That's very high on my list of suspects.  I've had the crash when using
> two different interfaces, ath0 and ppp0.  The ppp0 instance doesn't
> support v6; in fact, when I fire up ntpd after starting that link, I get
>
> bind() fd 12, family 24, port 123, addr fe80::211:25ff:fe43:e8a4, in6_is_addr_multicast=0 flags=0 fails: Can't assign requested address
>
> My filter rules are very simple, too; no NAT, no proxies, just blocking a few ports.

Okay, there's a very easy way to test this and perhaps you are the
best candidate since I bet your ipf rules are much simpler than
Konstantin. Can you try to rebuild a kernel without ipfilter but with
pf and convert your ipfilter rules to pf?
That would tell us if it's ipfilter's fault hopefully.

-- 
  Rui Paulo			<rpaulo{NetBSD{,-PT}.org,fnop.net}>

2006-04-22 13:56:21
On Sat, 22 Apr 2006 14:36:10 +0100, Rui Paulo <rpaulofnop.net> wrote:

>
> Okay, there's a very easy way to test this and perhaps you are the
> best candidate since I bet your ipf rules are much simpler than
> Konstantin. Can you try to rebuild a kernel without ipfilter but with
> pf and convert your ipfilter rules to pf?
> That would tell us if it's ipfilter's fault hopefully.
>
I thought of that, but since the crashes occur about once every couple of
days it will take a long time to get any confidence.  Instead, I just now
built a kernel that checks m_len and m_length before and after invoking
any pfil_hooks in ip_input and ip_output, and panics if the checks fail.  I
don't think I'm using any other hooks now, though I do have both pf and
ipsec in that kernel. I could pull them out, too, I suppose.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
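
The kind of before-and-after length check described in the message above, as an added user-space example that is not part of the thread and is not the patch the poster built. It assumes the invariant being tested is that the packet length recorded in the chain head equals the sum of the per-buffer lengths; `struct xmbuf`, `hook_fn`, `run_hook_checked` and the two sample hooks are hypothetical names, not NetBSD's mbuf or pfil interfaces.

```c
/* User-space model (added example). All names are hypothetical stand-ins,
 * not NetBSD's struct mbuf or its pfil hook interface. */
#include <stddef.h>
struct xmbuf {                 /* one buffer in a packet chain */
    struct xmbuf *m_next;      /* next buffer, NULL at end of chain */
    int m_len;                 /* bytes of data held in this buffer */
    int pkt_len;               /* total packet length, valid in the head only */
};
typedef int (*hook_fn)(struct xmbuf **mp);   /* models a packet filter hook */

/* Sum m_len over the chain; -1 if any buffer has a negative length. */
static int chain_length(const struct xmbuf *m) {
    int total = 0;
    for (; m != NULL; m = m->m_next) {
        if (m->m_len < 0) return -1;
        total += m->m_len;
    }
    return total;
}

/* Assumed invariant: recorded packet length == sum of buffer lengths. */
static int chain_consistent(const struct xmbuf *head) {
    return head != NULL && chain_length(head) == head->pkt_len;
}

/* Run a hook with the invariant checked on both sides. Returns 0 if fine,
 * 1 if the packet was already inconsistent before the hook ran, 2 if the
 * hook left it inconsistent (the point where a debug kernel would panic). */
static int run_hook_checked(hook_fn hook, struct xmbuf **mp) {
    if (!chain_consistent(*mp)) return 1;
    int rv = hook(mp);
    if (rv != 0 || *mp == NULL) return 0;   /* packet dropped or consumed */
    return chain_consistent(*mp) ? 0 : 2;
}

/* Constructed hooks: one leaves the packet alone, one trims 4 bytes from
 * the second buffer but forgets to update the recorded packet length. */
static int good_hook(struct xmbuf **mp) { (void)mp; return 0; }
static int bad_hook(struct xmbuf **mp) {
    if ((*mp)->m_next != NULL) (*mp)->m_next->m_len -= 4;
    return 0;
}
/* Constructed two-buffer packet: 20 + 44 bytes, head records hdr_len. */
static int demo(hook_fn hook, int hdr_len) {
    struct xmbuf tail = { NULL, 44, 0 };
    struct xmbuf head = { &tail, 20, hdr_len };
    struct xmbuf *m = &head;
    return run_hook_checked(hook, &m);
}
int main(void) { return demo(good_hook, 64) != 0 || demo(bad_hook, 64) != 2; }
```

Checking before as well as after the hook separates a packet that arrived already inconsistent from one that a hook damaged, which is the distinction needed to confirm or rule out the filter as the cause.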