Re: mbuf_outbound_finalize bug?
- Subject: Re: mbuf_outbound_finalize bug?
- From: Adi Masputra <email@hidden>
- Date: Thu, 21 Dec 2006 19:58:28 -0800
On Dec 21, 2006, at 6:55 PM, Bhavesh Davda wrote:
> So I did this from my iff_output_func callback:
>
>     mbuf_get_csum_requested(*data, &csumFlags, NULL);
>     if (csumFlags) {
>         ipHdr = (struct iphdr *)((uint8 *)mbuf_data(*data) + ETHER_HDR_LEN);
>         if (ipHdr->tot_len > mbuf_pkthdr_len(*data)) {
>             /* ip_len must be in network-byte-order. Byte-swap it. */
>             ipHdr->tot_len = ntohs(ipHdr->tot_len);
>             swapIpLen = TRUE;
>         }
>         mbuf_outbound_finalize(*data, PF_INET, ETHER_HDR_LEN);
>         /* byte-swap ip_len back. */
>         if (swapIpLen) {
>             ipHdr->tot_len = htons(ipHdr->tot_len);
>         }
>
> I *think* this is what your suggestion was.
>
> This makes the kernel panic! I attached to the kernel and examined the
> mbuf, and it looked totally messed up. Several pointers were pointing
> to la-la land, the data in m->m_hdr.mh_data was munged from its
> original values, etc.
>
> The same was the case (messed up mbuf) when I set a breakpoint after
> mbuf_outbound_finalize() and examined it, on a non-panic'ed kernel.
>
> What am I, as poor KEXT author, doing wrong? The i386 version of
> in_cksum_skip() is too hard for a simple minded person like me to
> figure out :)

Your filter shouldn't assume that the headers are in a contiguous span;
instead, you should probably use mbuf_copydata() to be safe. In addition,
your code above compares the result of mbuf_pkthdr_len() against the
*network* byte-order value of IP length; the ntohs() part should be
done before that check.

Try this instead:

    static errno_t
    iff_output(void *cookie, ifnet_t interface, protocol_family_t protocol,
        mbuf_t *data)
    {
        if (protocol == AF_INET) {
            u_int16_t ip_len;
            size_t offset = sizeof (struct ether_header) +
                offsetof(struct ip, ip_len);

            /* Copy ip_len out; the headers may not be contiguous. */
            if (mbuf_copydata(*data, offset, sizeof (ip_len),
                &ip_len) == 0) {
                /* Byte-swap ip_len and write it back before finalizing. */
                ip_len = ntohs(ip_len);
                mbuf_copyback(*data, offset, sizeof (ip_len),
                    &ip_len, MBUF_WAITOK);

                mbuf_outbound_finalize(*data, protocol,
                    sizeof (struct ether_header));

                /* Byte-swap ip_len back afterwards. */
                mbuf_copydata(*data, offset, sizeof (ip_len), &ip_len);
                ip_len = htons(ip_len);
                mbuf_copyback(*data, offset, sizeof (ip_len),
                    &ip_len, MBUF_WAITOK);
            }
        }
        return (0);
    }

Adi
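
The two points in the reply above (copy a header field out of the chain instead of dereferencing a pointer into it, and convert byte order before comparing lengths), as an added userland example that is not code from this thread or from the Darwin kernel. `struct seg`, `chain_copydata()` and `checked_ip_len()` are hypothetical stand-ins for an mbuf chain and `mbuf_copydata()`, and the packet bytes are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

#define L2_LEN     14  /* Ethernet header length */
#define IP_LEN_OFF 2   /* offset of the total-length field in an IPv4 header */

/* Hypothetical userland stand-in for an mbuf chain. */
struct seg { const uint8_t *data; size_t len; const struct seg *next; };

/* Copy len bytes starting at packet offset off, crossing segments; 0 on success. */
static int chain_copydata(const struct seg *s, size_t off, size_t len, void *out)
{
    uint8_t *dst = out;
    for (; s != NULL && len > 0; s = s->next) {
        if (off >= s->len) { off -= s->len; continue; }
        size_t n = s->len - off < len ? s->len - off : len;
        memcpy(dst, s->data + off, n);
        dst += n; len -= n; off = 0;
    }
    return len == 0 ? 0 : -1;
}

/* IPv4 total length in host order, or -1 if the field cannot be read
 * or claims more bytes than follow the link-layer header. */
static long checked_ip_len(const struct seg *pkt, size_t pkt_len)
{
    uint16_t ip_len;
    if (pkt_len < L2_LEN ||
        chain_copydata(pkt, L2_LEN + IP_LEN_OFF, sizeof ip_len, &ip_len) != 0)
        return -1;
    ip_len = ntohs(ip_len);            /* convert first, compare second */
    if (ip_len > pkt_len - L2_LEN)
        return -1;
    return ip_len;
}

/* Constructed 34-byte packet split 17/17, so the length field
 * (packet bytes 16-17) straddles the two segments. */
static long demo_split_packet(uint8_t hi, uint8_t lo)
{
    uint8_t a[17] = {0}, b[17] = {0};
    a[16] = hi; b[0] = lo;             /* total length, network byte order */
    struct seg s2 = { b, sizeof b, NULL }, s1 = { a, sizeof a, &s2 };
    return checked_ip_len(&s1, sizeof a + sizeof b);
}

int main(void) { return demo_split_packet(0x00, 0x14) == 20 ? 0 : 1; }
```

A cast such as `(uint16_t *)(a + 16)` would read one byte past the first segment here, which is the contiguity assumption the reply warns against.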