diff options
| author |   dlg <dlg@openbsd.org> | 2014-01-29 00:50:56 +0000 |
|---|---|---|
| committer | dlg <dlg@openbsd.org> | 2014-01-29 00:50:56 +0000 |
| commit | e38fb13170ba1661ee1d472e1012f65d852e0220 (patch) | |
| tree | 76921f1c7b54f5482c9024202508ef8a9597af01 | |
| parent | In the experimental, never-enabled JPAKE code: clear returned digest and (diff) | |
| download | wireguard-openbsd-e38fb13170ba1661ee1d472e1012f65d852e0220.tar.xz wireguard-openbsd-e38fb13170ba1661ee1d472e1012f65d852e0220.zip | |
move the allocation of the mbuf copy to use for sending icmp errors
above the reroute label that pf uses after it does dest addr rewriting
on outgoing packets. previously rerouting caused an extra copy to
be allocated, which caused the first copy to be leaked.
this has been bugging me for over half a year probably. after i got
some rudimental mbuf tracing in place it took me and alex wilson
most of a work day to audit the stack.
ok claudio@ on an earlier diff
ok mpi@, who made my first diff better and was gracious enough to
let me commit his because of the pain id been through finding this
leak.
ok pelikan@
| -rw-r--r-- | sys/netinet6/ip6_forward.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index 01bf1ceaeb5..bc3e0cf48c1 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_forward.c,v 1.63 2013/11/11 09:15:35 mpi Exp $ */ +/* $OpenBSD: ip6_forward.c,v 1.64 2014/01/29 00:50:56 dlg Exp $ */ /* $KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $ */ /* @@ -141,6 +141,17 @@ ip6_forward(struct mbuf *m, int srcrt) } ip6->ip6_hlim -= IPV6_HLIMDEC; + /* + * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU - + * size of IPv6 + ICMPv6 headers) bytes of the packet in case + * we need to generate an ICMP6 message to the src. + * Thanks to M_EXT, in most cases copy will not occur. + * + * It is important to save it before IPsec processing as IPsec + * processing may modify the mbuf. + */ + mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); + #if NPF > 0 reroute: #endif @@ -225,17 +236,6 @@ reroute: rtableid = m->m_pkthdr.rdomain; #endif - /* - * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU - - * size of IPv6 + ICMPv6 headers) bytes of the packet in case - * we need to generate an ICMP6 message to the src. - * Thanks to M_EXT, in most cases copy will not occur. - * - * It is important to save it before IPsec processing as IPsec - * processing may modify the mbuf. - */ - mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); - dst = &ip6_forward_rt.ro_dst; if (!srcrt) { /* |