Page MenuHomeFreeBSD
Differential D28160

netipsec: Fix handling of unmapped mbufs
AbandonedPublic
Actions

Authored by markj on Jan 14 2021, 4:36 PM.
Tags
None
Referenced Files
F133210546: D28160.id82271.diff
Fri, Oct 24, 12:19 AM
Unknown Object (File)
Thu, Oct 16, 1:35 AM
Unknown Object (File)
Thu, Oct 16, 1:35 AM
Unknown Object (File)
Wed, Oct 15, 2:50 PM
Unknown Object (File)
Wed, Oct 15, 4:01 AM
Unknown Object (File)
Sep 19 2025, 8:41 PM
Unknown Object (File)
Sep 8 2025, 7:36 PM
Unknown Object (File)
Sep 4 2025, 4:28 PM
View All 60 Files
Subscribers
ae
imp
melifaro

Details

Reviewers
jhb
gallatin
Summary

sendfile over an encrypted ESP tunnel triggers a panic because we fail
to map packet data before trying to compute a checksum. Add the same
mb_unmapped_to_ext() call that we have in other places.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 36203
Build 33092: arc lint + arc unit

Event Timeline

markj created this revision.Jan 14 2021, 4:36 PM
Herald added subscribers: melifaro, ae, imp. · View Herald TranscriptJan 14 2021, 4:36 PM
Harbormaster completed remote builds in B36203: Diff 82271.Jan 14 2021, 4:36 PM
markj requested review of this revision.Jan 14 2021, 4:36 PM
markj added a child revision: D28161: ktls: Improve handling of the bind_threads tunable a bit.
markj added reviewers: jhb, gallatin.Jan 14 2021, 4:37 PM
gallatin accepted this revision.Jan 14 2021, 6:13 PM

Thank you for catching this.

This revision is now accepted and ready to land.Jan 14 2021, 6:13 PM
ae mentioned this in D28187: Convert unmapped mbufs before computing checksums in IPsec..Jan 16 2021, 11:28 AM
ae added a comment.Jan 16 2021, 11:54 AM

I think the patch in D28187 is better. You need to release reference to SP when error occurs before ipsec4_process_packet().

markj abandoned this revision.Jan 16 2021, 3:31 PM
In D28160#630053, @ae wrote:

I think the patch in D28187 is better. You need to release reference to SP when error occurs before ipsec4_process_packet().

Oops, thanks. :(

Revision Contents
Changeset List

PathSize
sys/
netipsec/
14 lines

Diff 82271

View Options

sys/netipsec/ipsec_output.c

Loading...