File: netipsec/keysock.c
Function: key_sendup0()

--------------
    if (promisc) {
        struct sadb_msg *pmsg;

        M_PREPEND(m, sizeof(struct sadb_msg), M_DONTWAIT);
        if (m && m->m_len < sizeof(struct sadb_msg))
            m = m_pullup(m, sizeof(struct sadb_msg));
        if (!m) {
            pfkeystat.in_nomem++;
            m_freem(m);
            return ENOBUFS;
        }
-------->   m->m_pkthdr.len += sizeof(*pmsg);

        pmsg = mtod(m, struct sadb_msg *);
        bzero(pmsg, sizeof(*pmsg));
        pmsg->sadb_msg_version = PF_KEY_V2;
        pmsg->sadb_msg_type = SADB_X_PROMISC;
        pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
        /* pid and seq? */

        pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
    }
-----------------

This "m->m_pkthdr.len += sizeof(*pmsg);" is not necessary, so sadb_msg_len is always 16 bytes too large. M_PREPEND already adjusts the length of the mbuf to the correct size.

Best regards,
Rainer

Fix:
Remove the adjustment of the mbuf length ( m->m_pkthdr.len += sizeof(*pmsg); )

How-To-Repeat:
Switch the kernel PF_KEY to promiscuous mode. Receive promiscuous mode messages.
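
The length mismatch described in the report above, as an added user-space example that is not part of the original report or of the FreeBSD source. It models only the length bookkeeping: struct pkt, pkt_prepend(), wrap_promisc(), len_surplus() and run_case() are hypothetical names, and the inner message is constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PFKEY_UNIT64(a)   ((a) >> 3)   /* bytes -> 64-bit words */
#define PFKEY_UNUNIT64(a) ((a) << 3)   /* 64-bit words -> bytes */
struct sadb_msg {                      /* RFC 2367 base header, 16 bytes */
    uint8_t  sadb_msg_version, sadb_msg_type, sadb_msg_errno, sadb_msg_satype;
    uint16_t sadb_msg_len, sadb_msg_reserved;
    uint32_t sadb_msg_seq, sadb_msg_pid;
};

/* Hypothetical stand-in for an mbuf: only length bookkeeping is modelled. */
struct pkt { uint8_t data[128]; size_t len; };

/* Like M_PREPEND(): opens room at the front and grows the recorded length. */
static void pkt_prepend(struct pkt *p, size_t n) {
    memmove(p->data + n, p->data, p->len);
    p->len += n;
}

/* Promiscuous wrapping; extra_adjust=1 repeats the redundant "len += 16". */
static void wrap_promisc(struct pkt *p, int extra_adjust) {
    struct sadb_msg hdr = {0};
    pkt_prepend(p, sizeof(hdr));
    hdr.sadb_msg_version = 2;          /* PF_KEY_V2 */
    hdr.sadb_msg_type = 11;            /* SADB_X_PROMISC */
    hdr.sadb_msg_len =
        (uint16_t)PFKEY_UNIT64(p->len + (extra_adjust ? sizeof(hdr) : 0));
    memcpy(p->data, &hdr, sizeof(hdr));
}

/* Listener check: bytes the header declares minus bytes actually present. */
static long len_surplus(const struct pkt *p) {
    struct sadb_msg hdr;
    memcpy(&hdr, p->data, sizeof(hdr));
    return (long)PFKEY_UNUNIT64((long)hdr.sadb_msg_len) - (long)p->len;
}

/* Constructed input: a bare 16-byte inner message, wrapped for a listener. */
static long run_case(int extra_adjust) {
    struct pkt p = { .len = sizeof(struct sadb_msg) };
    wrap_promisc(&p, extra_adjust);
    return len_surplus(&p);
}

int main(void) {
    printf("fixed: %ld, extra adjustment: %ld\n", run_case(0), run_case(1));
    return 0;
}
```

A PF_KEY listener that walks extensions up to sadb_msg_len should make the same comparison against the byte count returned by the socket read and reject the message when the two differ.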

Responsible Changed
From-To: freebsd-bugs->freebsd-net

Over to maintainer(s).

A commit references this bug:

Author: ae
Date: Tue May 19 17:14:28 UTC 2015
New revision: 283117
URL: https://svnweb.freebsd.org/changeset/base/283117

Log:
  Remove unneeded mbuf length adjustment, M_PREPEND() already did that.

  PR: 139387
  MFC after: 1 week

Changes:
  head/sys/netipsec/keysock.c

A commit references this bug:

Author: ae
Date: Sun May 31 22:49:33 UTC 2015
New revision: 283849
URL: https://svnweb.freebsd.org/changeset/base/283849

Log:
  MFC r283117:
    Remove unneeded mbuf length adjustment, M_PREPEND() already did that.

  PR: 139387

Changes:
_U  stable/10/
  stable/10/sys/netipsec/keysock.c

A commit references this bug:

Author: ae
Date: Sun May 31 22:51:17 UTC 2015
New revision: 283850
URL: https://svnweb.freebsd.org/changeset/base/283850

Log:
  MFC r283117:
    Remove unneeded mbuf length adjustment, M_PREPEND() already did that.

  PR: 139387

Changes:
_U  stable/9/sys/
  stable/9/sys/netipsec/keysock.c

Fixed in head, stable/10 and stable/9. Thanks!