IPSEC with MAC/MLS support crack

Hi, When I use FreeBSD-6.0 Release (also FreeBSD-5.4),
I found
IPSEC can't coexists with MAC.

When the IpSec is setup, and we connects the TCP
server with IPSEC and MAC support, the server
innevitably crack. Because the m_pkthdr of some mbuf
is mangled by unknown reasons.

Following is my kernel configuration:
options MAC
options MAC_DEBUG
options MAC_MLS
# uncomment to put sebsd to kernel, but better to
options IPSEC
options IPSEC_ESP

Following is the kernel dump backtrace:
#0 0xc0668f0b in kdb_enter (msg=0x12 <Address 0x12
out of bounds>) at cpufunc.h:60
#1 0xc06509ab in panic (fmt=0xc08e6470
"mac_mls_dominate_element: b->mme_type invalid")
at ../../../kern/kern_shutdown.c:545
#2 0xc07be3da in mac_mls_dominate_element
(a=0xc14dfebc, b=0xc1b5eee4)
at ../../../security/mac_mls/mac_mls.c:216
#3 0xc07be4e2 in mac_mls_effective_in_range
(effective=0xc1b5eee0, range=0xc14dfe70)
at ../../../security/mac_mls/mac_mls.c:266
#4 0xc07bf8de in mac_mls_check_ifnet_transmit
(ifnet=0xc1646400, ifnetlabel=0x12, m=0xc16e5600,
mbuflabel=0x12) at
#5 0xc07b49fb in mac_check_ifnet_transmit
(ifnet=0xc1646400, mbuf=0xc16e5600)
at ../../../security/mac/mac_net.c:409
#6 0xc06bfb46 in ether_output (ifp=0xc1646400,
m=0xc16e5600, dst=0xc1a16330, rt0=0xc1816840)
at ../../../net/if_ethersubr.c:161
#7 0xc06f3662 in ip_output (m=0xc16e5600,
opt=0xc16e56ec, ro=0xc1a1632c, flags=0, imo=0x0,
at ../../../netinet/ip_output.c:778
#8 0xc06fca6a in tcp_output (tp=0xc186fac8) at
#9 0xc0704bbc in tcp_disconnect (tp=0xc186fac8) at
#10 0xc07034c0 in tcp_usr_disconnect (so=0x12) at
#11 0xc0689822 in sodisconnect (so=0x0) at
#12 0xc0689490 in soclose (so=0xc19ec164) at
#13 0xc0678d17 in soo_close (fp=0xc1736c60,
td=0xc1730c00) at ../../../kern/sys_socket.c:317
#14 0xc062e818 in fdrop_locked (fp=0xc1736c60,
td=0xc1730c00) at file.h:289
#15 0xc062e769 in fdrop (fp=0xc1736c60, td=0xc1730c00)
at ../../../kern/kern_descrip.c:2112
#16 0xc062cd97 in closef (fp=0xc1736c60,
td=0xc1730c00) at ../../../kern/kern_descrip.c:1932
#17 0xc062a175 in close (td=0xc1730c00, uap=0x12) at
#18 0xc086576f in syscall (frame=

The failing point is not always the same and my system
FreeBSD zzy.ios 6.0-RELEASE FreeBSD 6.0-RELEASE #13:
Fri Mar 17 17:11:04 UTC 2006

Thanks very much

Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"