Hi,

in sys/netinet/ip_output.c, at the end of ip_output:

    done:
            if (ro == &iproute && ro->ro_rt && !nortfree) {
                    RTFREE(ro->ro_rt);
            }

ro->ro_rt gets freed, if not from flowtable.

but in sys/netinet/ip_input.c, in ip_forward, after ip_output is called:

    error = ip_output(m, NULL, &ro, IP_FORWARDING, NULL, NULL);

    if (error == EMSGSIZE && ro.ro_rt)
            mtu = ro.ro_rt->rt_rmx.rmx_mtu;
    if (ro.ro_rt)
            RTFREE(ro.ro_rt);

first the mtu is saved and then it will be freed.

so:
*) double free? - mtu could be invalid?
*) could also free a flowtable entry?

Kind regards,
Ingo Flaschberger
crossip communications gmbh
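
An added example, not part of the original post and not FreeBSD source: a user-space C model of the reference handling the post asks about, counting references so that a double release would show up as a negative count. It assumes that ip_output points ro at its own local iproute only when the caller passes ro == NULL (that part of ip_output is not quoted in the post); the types, the *_model functions and the 1500-byte sample route are constructed, and the flowtable/nortfree case is not modelled.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the kernel types; constructed, not FreeBSD source. */
struct rtentry { int rt_refcnt; unsigned long rmx_mtu; };
struct route { struct rtentry *ro_rt; };
static struct rtentry sample_rt = { 0, 1500 };  /* constructed sample route */
/* Lookup hands out one reference; rtfree_model stands in for RTFREE(). */
static void lookup_model(struct route *ro) { ro->ro_rt = &sample_rt; sample_rt.rt_refcnt++; }
static void rtfree_model(struct rtentry *rt) { rt->rt_refcnt--; }

/* Tail of ip_output as quoted in the post. Assumption: ro points at the
 * local iproute only when the caller passed ro == NULL. */
static int ip_output_model(struct route *ro, int too_big)
{
    struct route iproute;
    if (ro == NULL) {
        ro = &iproute;
        memset(ro, 0, sizeof(*ro));
    }
    if (ro->ro_rt == NULL)
        lookup_model(ro);
    /* done: (the flowtable/nortfree case is not modelled) */
    if (ro == &iproute && ro->ro_rt)
        rtfree_model(ro->ro_rt);
    return too_big ? EMSGSIZE : 0;
}

/* ip_forward fragment as quoted in the post; returns the saved mtu. */
static unsigned long ip_forward_model(int too_big)
{
    struct route ro = { NULL };
    unsigned long mtu = 0;
    int error = ip_output_model(&ro, too_big);
    if (error == EMSGSIZE && ro.ro_rt)
        mtu = ro.ro_rt->rmx_mtu;   /* caller still holds its reference here */
    if (ro.ro_rt)
        rtfree_model(ro.ro_rt);    /* the only release on this path */
    return mtu;
}
/* 0: every reference released exactly once; negative: a double free. */
static int refs_outstanding(void) { return sample_rt.rt_refcnt; }

int main(void)
{
    unsigned long mtu = ip_forward_model(1);
    printf("mtu=%lu refs_outstanding=%d\n", mtu, refs_outstanding());
    return 0;
}
```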