Do not generate illegal mbuf chains during IP fragment reassembly. Only
the first mbuf of the reassembled datagram should have a pkthdr. This was discovered with cxgbe(4) + IPSEC + ping with payload more than interface MTU. cxgbe can generate !M_WRITEABLE mbufs and this results in m_unshare being called on the reassembled datagram, and it complains: panic: m_unshare: m0 0xfffff80020f82600, m 0xfffff8005d054100 has M_PKTHDR PR: 224922 Reviewed by: ae@ MFC after: 1 week Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D14009
This commit is contained in:
parent
d610e605bf
commit
af35a0e296
@ -377,6 +377,7 @@ ip_reass(struct mbuf *m)
|
||||
q->m_nextpkt = NULL;
|
||||
m->m_pkthdr.csum_flags &= q->m_pkthdr.csum_flags;
|
||||
m->m_pkthdr.csum_data += q->m_pkthdr.csum_data;
|
||||
m_demote_pkthdr(q);
|
||||
m_cat(m, q);
|
||||
}
|
||||
/*
|
||||
|
@ -541,6 +541,7 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
|
||||
while (t->m_next)
|
||||
t = t->m_next;
|
||||
m_adj(IP6_REASS_MBUF(af6), af6->ip6af_offset);
|
||||
m_demote_pkthdr(IP6_REASS_MBUF(af6));
|
||||
m_cat(t, IP6_REASS_MBUF(af6));
|
||||
free(af6, M_FTABLE);
|
||||
af6 = af6dwn;
|
||||
|
Loading…
Reference in New Issue
Block a user