Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!floyd!harpo!seismo!hao!hplabs!sri-unix!walsh@bbn-unix From: walsh%bbn-unix@sri-unix.UUCP Newsgroups: net.unix-wizards Subject: 4.2BSD netimp/if_imphost.c Message-ID: <16962@sri-arpa.UUCP> Date: Sun, 26-Feb-84 20:46:04 EST Article-I.D.: sri-arpa.16962 Posted: Sun Feb 26 20:46:04 1984 Date-Received: Fri, 2-Mar-84 13:25:37 EST Lines: 54 From: Bob WalshAfter thinking about it a little bit, I realize my first letter contained code with hastily written comments. The code corrections are correct, but the code comments contained an incorrect analysis. I believe this diff contains code comments with a correct analysis of the source of the panic. 121,123d120 < #ifdef BUGFIXES < register struct mbuf *nextm; < #endif 126,132d122 < #ifdef BUGFIXES < /* < * see BUGFIXES below < */ < for (m = hosts; m; m = nextm) { < nextm = m->m_next; < #else 134d123 < #endif 209,211d197 < #ifdef BUGFIXES < register struct mbuf *nextm; < #endif 215,236d200 < #ifdef BUGFIXES < /* < * hostrelease may put the current m on the free list, so avoid < * traversing the free list instead of the host list. Not only is < * this wrong, but it can cause a panic: < * < * On the mbuf free list, the m_off field is zero (due to MFREE) < * and hm points to the m_next field of the mbuf. < * hm_count is m_next. < * < * m_off is h_q. m_len and m_type (0) are h_addr. < * The qcnt, timer, rfnm, and flags fields of hp are in m_dat. < * < * If hostrelease() is called on an item in the free list, then < * hm_count (m_next) is decremented, trashing the free list which < * we're following. < * < * bw 2/26/84 < */ < for (m = hosts; m; m = nextm) { < nextm = m->m_next; < #else 238d201 < #endif I'll try to be less sloppy, bob walsh