Re: mbuf_outbound_finalize and in_delayed_cksum_offset
- Subject: Re: mbuf_outbound_finalize and in_delayed_cksum_offset
- From: Anton Kuzmin <email@hidden>
- Date: Wed, 28 Sep 2005 11:00:41 +0100
Is it possible that you have some very different source now from the latest published 792.2.4? In the source that I have, struct ip *ip is declared in the very first line of in_delayed_cksum_offset and not initialized; then it's used inside that printf (ip->ip_p), which dereferences an invalid pointer ip (and panics); and only then is it initialized to "mtod(m, struct ip*)". mbuf_outbound_finalize does not define anything but merely checks that it's an IP packet and chooses the right checksum function.
void
in_delayed_cksum_offset(struct mbuf *m, int ip_offset)
{
    //1. -----------ip declared-----------
    struct ip *ip;
    u_short csum, offset;

    while (ip_offset > m->m_len) {
        ip_offset -= m->m_len;
        m = m->m_next;
        if (m) {
            printf("in_delayed_cksum_withoffset failed - ip_offset wasn't in the packet\n");
            return;
        }
    }

    if (ip_offset + sizeof(struct ip) > m->m_len) {
        //2. -----------dereferencing ip and crashing-----------
        printf("delayed m_pullup, m->len: %d off: %d p: %d\n",
            m->m_len, ip_offset, ip->ip_p);
        /*
         * XXX
         * this shouldn't happen
         */
        m = m_pullup(m, ip_offset + sizeof(struct ip));
    }

    /* Gross */
    if (ip_offset) {
        m->m_len -= ip_offset;
        m->m_data += ip_offset;
    }

    //-----------3. ip initialized-----------
    ip = mtod(m, struct ip*);
Anton
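As an added illustration (not xnu code and not part of this post), here is a small C model of the mbuf-chain walk that in_delayed_cksum_offset performs, with the diagnostics placed so that no pointer is read before the mtod() step would have assigned it. struct toy_mbuf, struct toy_ip, locate_ip_header, demo_split and the 34-byte sample frame are all constructed for this example.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for struct mbuf and the one ip field the printf used. */
struct toy_mbuf { uint8_t *m_data; int m_len; struct toy_mbuf *m_next; };
struct toy_ip   { uint8_t pad[9]; uint8_t ip_p; uint8_t rest[10]; };  /* 20 bytes */

enum { LOC_PAST_CHAIN = -1, LOC_NOT_CONTIGUOUS = -2 };

/* Walk the chain until ip_offset falls inside an mbuf, then require a whole
 * IP header to be contiguous there. The diagnostics print only values that
 * are already valid (m->m_len, ip_offset); ip is not touched before it is
 * assigned from the mbuf data, which is the ordering the thread is about. */
int locate_ip_header(struct toy_mbuf *m, int ip_offset, struct toy_ip **ipp)
{
    *ipp = NULL;
    while (m != NULL && ip_offset >= m->m_len) {
        ip_offset -= m->m_len;
        m = m->m_next;
    }
    if (m == NULL) {
        printf("ip_offset wasn't in the packet\n");
        return LOC_PAST_CHAIN;
    }
    if (ip_offset + (int)sizeof(struct toy_ip) > m->m_len) {
        /* header straddles two mbufs: the kernel would m_pullup() here */
        printf("header not contiguous, m_len: %d off: %d\n", m->m_len, ip_offset);
        return LOC_NOT_CONTIGUOUS;
    }
    *ipp = (struct toy_ip *)(m->m_data + ip_offset);  /* mtod() equivalent */
    return 0;
}

/* Constructed 34-byte frame: 14-byte Ethernet header, then an IPv4 header
 * whose protocol byte (offset 9 in the header, 23 in the frame) is 17 (UDP). */
static uint8_t frame[34] = { [14] = 0x45, [23] = 17 };

/* Split the frame into a two-mbuf chain at byte `split` and look for the IP
 * header at `ip_offset`. Returns ip_p on success, else the negative code. */
int demo_split(int split, int ip_offset)
{
    struct toy_mbuf m2 = { frame + split, (int)sizeof frame - split, NULL };
    struct toy_mbuf m1 = { frame, split, &m2 };
    struct toy_ip *ip;
    int rc = locate_ip_header(&m1, ip_offset, &ip);
    return rc == 0 ? ip->ip_p : rc;
}
```

Splitting the frame exactly at the Ethernet/IP boundary or not at all locates the header; splitting inside the header hits the not-contiguous path, and an offset beyond the chain hits the past-chain path, both without touching ip.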
I don't believe that printing ip->ip_p is a bug. The printf is only
informational and should only appear when there is a bug in the
kernel or a kernel extension. ip->ip_p is defined when
mbuf_outbound_finalize is called from the interface layer.
-josh
On Sep 27, 2005, at 2:54 AM, Anton Kuzmin wrote:
Darwin-kernel mailing list (email@hidden)