mbuf clusters leak in netinet6
Andrey V. Elsukov
bu7cher at yandex.ru
Sat Jul 22 19:38:31 UTC 2017
22.07.17 16:51, Daniel Bilik wrote:
> On Sat, 22 Jul 2017 12:11:31 +0300
> "Andrey V. Elsukov" <bu7cher at yandex.ru> wrote:
>
>> Freeing the mbuf is the pfil hook's responsibility; if it returns a nonzero
>> value it must call m_freem(). So, it is a bug in ndpacket.c.
>
> Ah, thanks for clarifying this. It was quite unclear to me, because in
> another place I've seen m_freem() called after a non-zero pfil_run_hooks()
> result. [1]
>
> Nevertheless, I've patched and tested ndproxy as you suggested, and it
> works fine, with no mbuf leaks. Pull request created. [2]

This is because the "drop" label is shared between several places.
Usually the pfil hook does m_freem() and sets the mbuf pointer to NULL. Check
ip_output() or ip6_output(), and also ipfw's pfil hook implementation:
https://svnweb.freebsd.org/base/head/sys/netpfil/ipfw/ip_fw_pfil.c?annotate=308237#l295
--
WBR, Andrey V. Elsukov
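
Added example, not part of the original message and not FreeBSD or ndproxy code: a userland C model of the ownership rule discussed in this thread, where a hook that returns nonzero frees the packet and sets the caller's pointer to NULL, so a shared drop label can free unconditionally. All names (`mb_alloc`, `mb_free`, `hook_leaky`, `hook_owning`, `input_trusting`, `input_shared_drop`) are hypothetical stand-ins for the kernel mbuf and pfil interfaces.

```c
#include <stdio.h>
#include <stdlib.h>

struct mbuf { int len; };          /* userland stand-in, not the kernel struct */
static int live_mbufs;             /* allocated and not yet freed */

static struct mbuf *mb_alloc(void) {
    struct mbuf *m = calloc(1, sizeof(*m));
    if (m != NULL) live_mbufs++;
    return m;
}
/* NULL-safe, so a shared "drop" label can call it unconditionally. */
static void mb_free(struct mbuf *m) {
    if (m == NULL) return;
    live_mbufs--;
    free(m);
}
typedef int (*hook_fn)(struct mbuf **mp);

/* Buggy hook: rejects the packet but leaves the mbuf allocated. */
static int hook_leaky(struct mbuf **mp) { (void)mp; return 1; }

/* Correct hook: frees what it rejects and clears the caller's pointer. */
static int hook_owning(struct mbuf **mp) { mb_free(*mp); *mp = NULL; return 1; }

/* Caller that trusts the hook: nonzero means the mbuf is already gone. */
static int input_trusting(hook_fn hook) {
    struct mbuf *m = mb_alloc();
    if (m == NULL) return -1;
    if (hook(&m) != 0) return live_mbufs;   /* no free here by design */
    mb_free(m);                             /* packet accepted and consumed */
    return live_mbufs;
}
/* Caller with a shared drop label: frees whatever pointer is left. */
static int input_shared_drop(hook_fn hook) {
    struct mbuf *m = mb_alloc();
    if (m == NULL) return -1;
    if (hook(&m) != 0) goto drop;
    /* normal processing would continue here */
drop:
    mb_free(m);                             /* no-op when the hook set m = NULL */
    return live_mbufs;
}
int main(void) {
    printf("owning hook, trusting caller: %d live\n", input_trusting(hook_owning));
    printf("owning hook, shared drop:     %d live\n", input_shared_drop(hook_owning));
    printf("leaky hook,  shared drop:     %d live\n", input_shared_drop(hook_leaky));
    printf("leaky hook,  trusting caller: %d live\n", input_trusting(hook_leaky));
    return 0;
}
```

In this model only the last combination leaves an allocation behind: the shared-drop caller happens to clean up after the leaky hook, while a caller that relies on the contract does not.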