Re: kernel/1816: Repetable crashes of ipfilter
The following reply was made to PR kernel/1816; it has been noted by GNATS.
From: Federico Schwindt <fgsch@openbsd.org>
To: gnats@openbsd.org
Cc:
Subject: Re: kernel/1816: Repetable crashes of ipfilter
Date: Wed, 9 May 2001 04:51:07 -0300
I've just sent this to Darren Reed. Diff below should fix the problem,
but wait for Darren's answer.
----- Forwarded message from Federico Schwindt <fgsch@openbsd.org> -----
Date: Wed, 9 May 2001 04:28:54 -0300
From: Federico Schwindt <fgsch@openbsd.org>
To: darrenr@pobox.com
Cc: kjell@openbsd.org, deraadt@openbsd.org
Subject: send_icmp_err and order: diff included
User-Agent: Mutt/1.2.5i
Hi,
The diff below fixes 2 different issues.
First, when copying the original packet, put things in network order.
The second is to avoid problems when cksum is called in ipfr_fastroute.
Since hlen may be != 20 (let's say it contains options), and fin->fin_hlen
is used to compute cksum in fastroute, the header len and the actual len
may differ.
I'm not sure if this is the best solution. Maybe it'd be good to use the
incoming packet hlen in fastroute, don't know.
The problem may be reproduced with the following rule:
block return-icmp(net-unr) in log proto icmp from any to any
and doing ping -R 127.0.0.1
Comments?
f.-
--- ip_fil.c.orig Tue Apr 3 11:13:37 2001
+++ ip_fil.c Wed May 9 04:14:17 2001
@@ -1206,6 +1206,10 @@
icmp->icmp_nextmtu = htons(((struct ifnet *) ifp)->if_mtu);
#endif
+ oip->ip_len = htons(fin->fin_plen);
+ oip->ip_id = htons(fin->fin_id);
+ oip->ip_off = htons(fin->fin_off);
+
if (avail) {
bcopy((char *)oip, (char *)&icmp->icmp_ip, MIN(ohlen, avail));
avail -= MIN(ohlen, avail);
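Review bot: The three added assignments convert ip_len, ip_id and ip_off in oip itself rather than in the copy at icmp->icmp_ip, and they run even when avail is 0 and nothing is copied. Because oip is still handed to send_ip(oip, fin, m) at the end of the function, confirm that send_ip expects those fields in network order; if it does not, do the bcopy first and apply htons() to the fields of icmp->icmp_ip inside the if (avail) block. A one-line comment stating that the embedded original header must be in network order would also help.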
@@ -1241,6 +1245,7 @@
ip->ip_len = iclen;
ip->ip_p = IPPROTO_ICMP;
}
+ fin->fin_hlen = hlen;
err = send_ip(oip, fin, m);
return err;
}
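Review bot: fin->fin_hlen = hlen overwrites the header length stored in the caller's fin just before send_ip(oip, fin, m) and never restores it, so any code that reads fin->fin_hlen after this function returns sees hlen instead of the value recorded for the incoming packet. Consider saving the old value and restoring it after send_ip(), and add a comment saying the assignment exists so that the checksum computed in ipfr_fastroute covers the right number of bytes.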
----- End forwarded message -----
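An added illustration (not part of the original message and not IPFilter code) of the second issue described above: a header checksum computed over a length other than that of the header actually sent fails verification at the receiver. The packet bytes, the stale length of 60 (as for a header carrying 40 bytes of options) and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 Internet checksum over len bytes, big-endian 16-bit words. */
static uint16_t in_cksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(p[i] << 8 | p[i + 1]);
    if (len & 1)
        sum += (uint32_t)p[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Constructed sample: 20-byte IPv4 header (IHL=5) plus 40 payload bytes. */
static void build_packet(uint8_t pkt[60])
{
    static const uint8_t hdr[20] = {
        0x45, 0x00, 0x00, 0x3c,   /* version/IHL, TOS, total length 60 */
        0x12, 0x34, 0x00, 0x00,   /* id, flags/fragment offset */
        0x40, 0x01, 0x00, 0x00,   /* TTL 64, protocol ICMP, checksum 0 */
        127, 0, 0, 1, 127, 0, 0, 1
    };
    memcpy(pkt, hdr, sizeof(hdr));
    for (int i = 20; i < 60; i++)
        pkt[i] = (uint8_t)i;      /* stand-in payload bytes */
}

/* Fill in the checksum using cksum_len, then verify the way a receiver
 * does: sum the IHL*4 bytes of the header and expect 0. Returns 1 if valid. */
int header_valid_after_cksum(size_t cksum_len)
{
    uint8_t pkt[60];
    build_packet(pkt);
    uint16_t c = in_cksum(pkt, cksum_len);
    pkt[10] = (uint8_t)(c >> 8);
    pkt[11] = (uint8_t)(c & 0xff);
    size_t real_hlen = (size_t)(pkt[0] & 0x0f) * 4;
    return in_cksum(pkt, real_hlen) == 0;
}

int main(void)
{
    printf("cksum over 20: valid=%d, over stale 60: valid=%d\n",
           header_valid_after_cksum(20), header_valid_after_cksum(60));
    return 0;
}
```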