diff options
| author | glebius <glebius@FreeBSD.org> | 2005-09-06 17:15:42 +0000 |
|---|---|---|
| committer | glebius <glebius@FreeBSD.org> | 2005-09-06 17:15:42 +0000 |
| commit | 535e8b6e003a1295c6c6d8a12660c68d9d2f61f3 (patch) | |
| tree | a3c70785864458ad24ee91efca95525f34fbcb18 /usr.sbin/portsnap | |
| parent | a1663238688650861d85c502aa4a267d1049211f (diff) | |
| download | FreeBSD-src-535e8b6e003a1295c6c6d8a12660c68d9d2f61f3.zip FreeBSD-src-535e8b6e003a1295c6c6d8a12660c68d9d2f61f3.tar.gz | |
When we read data from socket buffer using soreceive() the socket layer
does not clear m_nextpkt for us. The mbufs are sent into netgraph and
then, if they contain a TCP packet delivered locally, they will enter
socket code again. They can pass the first assert in sbappendstream()
because m_nextpkt may be set not in the first mbuf, but deeper in the
chain. So the problem will trigger much later, when local program
reads the data from socket, and an mbuf with m_nextpkt becomes a
first one.
This bug was demasked by revision 1.54, when I made upcall queueable.
Before revision 1.54 there was a very small probability to have 2
mbufs in GRE socket buffer, because ng_ksocket_incoming2() dequeued
the first one immediately.
- in ng_ksocket_incoming2() clear m_nextpkt on all mbufs
read from socket.
- restore rev. 1.54 change in ng_ksocket_incoming().
PR: kern/84952
PR: kern/82413
In collaboration with: rwatson
Diffstat (limited to 'usr.sbin/portsnap')
0 files changed, 0 insertions, 0 deletions
