From: Jarek Poplawski <[EMAIL PROTECTED]>
Date: Mon, 12 Mar 2007 11:24:03 +0100
> > the ipcomp handler is xfrm6_rcv(), which calls xfrm6_rcv_spi(), which
> > contrary
> > to all other handlers returns -1 instead of 0 after calling kfree_skb() on
> > the
> > skb. Changing the return value to 0 in xfrm6_input.c:xfrm6_rcv_spi() fixes
> > the
> > problem.
> > But I got no clue at all if this would be a correct fix
>
> I think your diagnose is correct (all "return -1" should be
> changed to "return 0" in xfrm6_input.c).
Unfortunately, that won't work.
The return value logic for proto->handler() is different in
IPV6's ip6_input.c than it is for IPV4's ip_input.c.
IPv4 goes:
ret = ipprot->handler(skb);
if (ret < 0) {
protocol = -ret;
goto resubmit;
}
whereas IPV6 goes:
ret = ipprot->handler(&skb);
if (ret > 0)
goto resubmit;
There was a good reason why things were done differently for
this case, but I don't remember what that reason was.
Anyways, changing -1 to 0 in xfrm6_input.c will break everything
even though it might make this crash go away. :-)))
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
