In ip6_input() after line 294, a bunch of code takes care of copying the mbuf/mbuf cluster to a more KAME-conformant mbuf/mbuf cluster - but in my opinion, it does not do it completely right ...

In line 318, the m_copydata() call works only if the new mbuf n is "just" an mbuf and not an mbuf cluster. See the fix for what I mean.

Fix: I think the code should look like this:

    318         if (n && n->m_pkthdr.len > MHLEN) {
    319                 m_copydata(m, 0, n->m_pkthdr.len, n->m_ext.ext_buf);
    320                 n->m_data = n->m_ext.ext_buf;
    321         } else {
    322                 m_copydata(m, 0, n->m_pkthdr.len, mtod(n, caddr_t));
    323         }

Please find a diff attached.

Patch attached with submission follows:
Responsible Changed
From-To: freebsd-bugs->kmacy

Add to queue to verify that the submitter is correct.
Responsible Changed
From-To: kmacy->freebsd-net

kmacy has asked for all of his PRs to be reassigned back to the pool.
For bugs matching the following criteria:

Status: In Progress
Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Nope, the m_data pointer is initialized during uma_zalloc_arg - see mb_ctor_clust() in sys/kern/kern_mbuf.c
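
Added example, not part of this PR thread and not FreeBSD source: a userland C model of the behaviour the last reply describes, where attaching a cluster repoints m_data, so a copy through the mtod() view lands in the cluster. All toy_* names, TOY_* sizes and the struct layout are simplified assumptions; the bounds check shows the guard that keeps an over-long copy out of the internal buffer.

```c
/* Userland model only: hypothetical, simplified struct, not the kernel's struct mbuf. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define TOY_MHLEN    200   /* assumed size of the internal data area */
#define TOY_MCLBYTES 2048  /* assumed cluster size */
#define TOY_M_EXT    0x1   /* external storage (cluster) attached */

struct toy_mbuf {
    char *m_data;            /* where packet data starts (the mtod() view) */
    int   m_flags;
    char *ext_buf;           /* cluster, valid only with TOY_M_EXT */
    char  m_dat[TOY_MHLEN];  /* internal storage */
};

/* Plain mbuf: m_data points at the internal area. */
static void toy_init(struct toy_mbuf *m) {
    memset(m, 0, sizeof(*m));
    m->m_data = m->m_dat;
}

/* Attach a cluster; like the constructor named in the reply, this
 * repoints m_data at the external buffer. Returns 0 on success. */
static int toy_clget(struct toy_mbuf *m) {
    char *c = malloc(TOY_MCLBYTES);
    if (c == NULL) return -1;
    m->ext_buf = c;
    m->m_data = c;
    m->m_flags |= TOY_M_EXT;
    return 0;
}

/* Bytes writable from m_data to the end of the backing storage. */
static size_t toy_space(const struct toy_mbuf *m) {
    const char *base = (m->m_flags & TOY_M_EXT) ? m->ext_buf : m->m_dat;
    size_t cap = (m->m_flags & TOY_M_EXT) ? TOY_MCLBYTES : TOY_MHLEN;
    return cap - (size_t)(m->m_data - base);
}

/* Copy through m_data, refusing anything that would overrun the storage. */
static int toy_copy_into(struct toy_mbuf *n, const char *src, size_t len) {
    if (n == NULL || len > toy_space(n)) return -1;
    memcpy(n->m_data, src, len);
    return 0;
}
```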