NAT Taversal bug in kernel patch ?
VANHULLEBUS Yvan
vanhu_bsd at zeninc.net
Tue Jan 2 06:13:54 PST 2007
On Tue, Jan 02, 2007 at 02:59:59AM -0800, ashoke saha wrote:
> Hi ,
Hi.
> just joined the mailibng list. I was implementing
> NAT traversal based on the patch and my kernel was
> panicking because of wrong ipsec config, which it
> should not whatever be the config.
>
> Looks like there is a small issue in the code
> http://ipsec-tools.sourceforge.net/freebsd6-natt.diff
> which might already be fixed.
>
> Look at the call of the function
> udp4_espinudp () in udp append. Now under certain
> circumstances it is possible that udp4_espinudp ()
> calls m_pullup() and it would add a new pkt header to
> the mbuf chain. But udp_append() is still holding the
> old head, whose PKTHDR flag is now off. It then sends
> the pkt further up and kernel does as panic as it does
> not see PKTHDR flag.
I already fixed "something like that" a few months ago.
Are you using the latest version of the patch ?
MD5 sum of the patch file should be 510ac07e6aa95d34e1e05da0695e4059,
is that what you get ?
Yvan.
--
NETASQ
http://www.netasq.com
More information about the freebsd-net
mailing list