panic: IP header len too small
Matthew Dillon
dillon at apollo.backplane.com
Mon Jul 5 10:19:41 PDT 2004
:Got a panic w/ RC1 GENERIC kernel while copying files over NFS
:(tcp,nfsv3) from FreeBSD host.
:
:panic: IP header len too small
:panic(0,c341c000,c3a5ede0,c5fbcd68,c02bb550) at panic+0x84
:panic(c044cdb1,c0a9c340,c,c3a5ede0,0) at panic+0x84
:ip_input(c3418a00) at ip_input+0x158
:ip_input_handler(c0a9c340) at ip_input_handler+0xf
:netmsg_service_loop(0,0,0,0,0) at netmsg_service_leep+0x25
:lwkt_exit() at lwkt_exit
:Debugger("panic")
:Stopped at Debugger+0x34: movb $0,in_Debugger.342
:
:
:--
: Allan Fields, AFRSL - http://afields.ca
: 2D4F 6806 D307 0889 6125 C31D F745 0D72 39B4 5541
Hmm. Jeff, that check is supposed to be done in ip_demux.c but it
looks like it gets short circuited in one case:
/*
* XXX generic packet handling defrag on CPU 0 for now.
*/
if (ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK))
return (&netisr_cpu[0].td_msgport);
iphlen = ip->ip_hl << 2;
if (iphlen < sizeof(struct ip)) { /* minimum header length */
ipstat.ips_badhlen++;
return (NULL);
}
Should we move the ip_hl check to before the fragment code or should
we change the ip_hl check in ip_input to not panic ?
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
More information about the Kernel
mailing list