panic: IP header len too small

Matthew Dillon dillon at apollo.backplane.com
Mon Jul 5 10:19:41 PDT 2004


:Got a panic w/ RC1 GENERIC kernel while copying files over NFS
:(tcp,nfsv3) from FreeBSD host.
:
:panic: IP header len too small
:panic(0,c341c000,c3a5ede0,c5fbcd68,c02bb550) at panic+0x84
:panic(c044cdb1,c0a9c340,c,c3a5ede0,0) at panic+0x84
:ip_input(c3418a00) at ip_input+0x158
:ip_input_handler(c0a9c340) at ip_input_handler+0xf
:netmsg_service_loop(0,0,0,0,0) at netmsg_service_leep+0x25
:lwkt_exit() at lwkt_exit
:Debugger("panic")
:Stopped at	Debugger+0x34:	movb	$0,in_Debugger.342
:
:
:-- 
: Allan Fields, AFRSL - http://afields.ca
: 2D4F 6806 D307 0889 6125  C31D F745 0D72 39B4 5541

    Hmm.  Jeff, that check is supposed to be done in ip_demux.c but it
    looks like it gets short circuited in one case:

        /*
         * XXX generic packet handling defrag on CPU 0 for now.
         */
        if (ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK))
                return (&netisr_cpu[0].td_msgport);

        iphlen = ip->ip_hl << 2;
        if (iphlen < sizeof(struct ip)) {       /* minimum header length */
                ipstat.ips_badhlen++;
                return (NULL);
        }

    Should we move the ip_hl check to before the fragment code or should
    we change the ip_hl check in ip_input to not panic?

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>
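
The ordering question raised in the message above, as an added example that is not part of the original post or of the DragonFly source: a user-space C model of the dispatch decision, comparing the quoted order (fragment test first) with the first option Matt proposes (ip_hl check first). The function names, the verdict enum and the sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP_MF      0x2000      /* "more fragments" flag in ip_off */
#define IP_OFFMASK 0x1fff      /* fragment offset bits in ip_off */
#define IP_MINHLEN 20          /* sizeof(struct ip): header without options */

enum verdict { DROP = -1, TO_CPU0 = 0, TO_HASHED_CPU = 1 };

/* Ordering quoted in the message: fragments return before ip_hl is checked. */
enum verdict demux_frag_first(const uint8_t *pkt, size_t len)
{
    if (len < IP_MINHLEN)
        return DROP;
    uint16_t off = (uint16_t)((pkt[6] << 8) | pkt[7]);  /* ntohs(ip->ip_off) */
    if (off & (IP_MF | IP_OFFMASK))
        return TO_CPU0;                 /* ip_hl never examined on this path */
    if (((pkt[0] & 0x0f) << 2) < IP_MINHLEN)
        return DROP;                    /* counted as ips_badhlen in the kernel */
    return TO_HASHED_CPU;
}

/* First option raised in the message: ip_hl check ahead of the fragment test. */
enum verdict demux_hlen_first(const uint8_t *pkt, size_t len)
{
    if (len < IP_MINHLEN || ((pkt[0] & 0x0f) << 2) < IP_MINHLEN)
        return DROP;
    uint16_t off = (uint16_t)((pkt[6] << 8) | pkt[7]);
    if (off & (IP_MF | IP_OFFMASK))
        return TO_CPU0;
    return TO_HASHED_CPU;
}

/* Constructed 20-byte sample headers: byte 0 = version/ip_hl, bytes 6-7 = ip_off. */
const uint8_t frag_bad_hl[20]  = { [0] = 0x43, [6] = 0x20 };  /* ip_hl=3, MF set */
const uint8_t frag_ok[20]      = { [0] = 0x45, [6] = 0x20 };  /* ip_hl=5, MF set */
const uint8_t whole_bad_hl[20] = { [0] = 0x43 };              /* ip_hl=3, no frag */
const uint8_t whole_ok[20]     = { [0] = 0x45 };              /* ip_hl=5, no frag */

int main(void)
{
    printf("frag, ip_hl=3: frag-first=%d hlen-first=%d\n",
           demux_frag_first(frag_bad_hl, 20), demux_hlen_first(frag_bad_hl, 20));
    printf("frag, ip_hl=5: frag-first=%d hlen-first=%d\n",
           demux_frag_first(frag_ok, 20), demux_hlen_first(frag_ok, 20));
    return 0;
}
```

With the fragment test first, the ip_hl=3 fragment is still routed to the CPU 0 handler, which is the path that reaches the panic in ip_input; with the ip_hl check first it is dropped like any other short-header packet.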




