Date: Tue, 7 May 2002 17:35:34 -0700 (PDT) From: Kelly Yancey <kbyanc@posi.net> To: freebsd-stable@freebsd.org Cc: freebsd-tokenring@freebsd.org, <freebsd-net@freebsd.org> Subject: Call for testers Message-ID: <20020507171815.H28397-200000@gateway.posi.net>
[-- Attachment #1 --]
I am looking for testers for the attached patch in hopes of MFC'ing this
bug-fix from -current to -stable in time for 4.6-RELEASE. The bug being
addressed is that interfaces with names longer than 6 characters often
overflow the sockaddr_dl data structure's buffer for holding them
(specifically, 7 or more characters for the interface name plus the 6 bytes
for ethernet or token ring hardware addresses exceeds the 12 byte sdl_data
field that is to hold them). The manifestation of this bug is that the iso
802.5 source routing control field is overwritten with part of the interface's
hardware address (and vice versa).
The fix committed to -current is the same as that in the attached patch.
Both give the storage previously reserved for 802.5 source routing information
to the sdl_data field so it may be used to hold longer interface names or
hardware addresses. In the case of token-ring, source routing information is
stored in the sdl_data field now, but at the same offset as it used to be in
the structure, so there is effectively no change.
So the overall effect is that token-ring interface names still may not
exceed 6 characters in length. However, for all other interfaces, there is
plenty of room allotted for the interface name and hardware address (46 bytes
now as compared to 12) thereby averting the overflow. In addition, since the
structure offsets did not change nor did the size of the sockaddr_dl structure
itself, I believe there should be no imcompatibility with binary-only network
drivers.
However, I do not have access to any token-ring hardware so I cannot be 100%
sure that I didn't break 802.5 source routing on such devices. Therefor, I
would be most grateful if anyone with token ring hardware could please apply
the attached patches and report any successes for failures. Thanks,
Kelly
[-- Attachment #2 --]
Index: net/if_dl.h
===================================================================
RCS file: /home/cvs/acs/base/src/sys/net/if_dl.h,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 if_dl.h
--- net/if_dl.h 22 Mar 2002 04:11:00 -0000 1.1.1.1
+++ net/if_dl.h 30 Apr 2002 20:14:09 -0000
@@ -66,10 +66,8 @@
u_char sdl_nlen; /* interface name length, no trailing 0 reqd. */
u_char sdl_alen; /* link level address length */
u_char sdl_slen; /* link layer selector length */
- char sdl_data[12]; /* minimum work area, can be larger;
+ char sdl_data[46]; /* minimum work area, can be larger;
contains both if name and ll address */
- u_short sdl_rcf; /* source routing control */
- u_short sdl_route[16]; /* source routing information */
};
#define LLADDR(s) ((caddr_t)((s)->sdl_data + (s)->sdl_nlen))
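Review bot: The comment kept on `sdl_data` no longer describes the field, and the new size 46 is unexplained. After this change the array also carries the 802.5 source-routing data for token-ring entries, and 46 appears to be the old 12 bytes plus the removed `u_short sdl_rcf` and `u_short sdl_route[16]` (12 + 2 + 32), chosen so that the structure size stays the same. I would say so on the field, e.g. `/* if name + ll address; for IFT_ISO88025 also source-routing data, see SDL_ISO88025(); 46 = old 12 + rcf (2) + route (32) */`. The struct definition starts outside the hunk.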
Index: net/if_iso88025subr.c
===================================================================
RCS file: /home/cvs/acs/base/src/sys/net/if_iso88025subr.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 if_iso88025subr.c
--- net/if_iso88025subr.c 22 Mar 2002 04:11:00 -0000 1.1.1.1
+++ net/if_iso88025subr.c 30 Apr 2002 21:27:12 -0000
@@ -202,8 +202,8 @@
/* Calculate routing info length based on arp table entry */
if (rt && (sdl = (struct sockaddr_dl *)rt->rt_gateway))
- if (sdl->sdl_rcf != NULL)
- rif_len = TR_RCF_RIFLEN(sdl->sdl_rcf);
+ if (SDL_ISO88025(sdl)->trld_rcf != NULL)
+ rif_len = TR_RCF_RIFLEN(SDL_ISO88025(sdl)->trld_rcf);
/* Generate a generic 802.5 header for the packet */
gen_th.ac = TR_AC;
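Review bot: `SDL_ISO88025(sdl)->trld_rcf != NULL` compares a `u_short` with a pointer constant; write `!= 0`. The macro is also expanded four times across this hunk and the one at -212, each time recomputing the offset from the three length fields. A local `struct iso88025_sockaddr_dl_data *trld = SDL_ISO88025(sdl);` taken once after the `sdl` check, as the if_ether.c part of this patch does, would read better and guarantee both hunks use the same location. The enclosing function starts and ends outside the hunk.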
@@ -212,8 +212,9 @@
if (rif_len) {
gen_th.iso88025_shost[0] |= TR_RII;
if (rif_len > 2) {
- gen_th.rcf = sdl->sdl_rcf;
- memcpy(gen_th.rd, sdl->sdl_route, rif_len - 2);
+ gen_th.rcf = SDL_ISO88025(sdl)->trld_rcf;
+ memcpy(gen_th.rd, SDL_ISO88025(sdl)->trld_route,
+ rif_len - 2);
}
}
Index: net/iso88025.h
===================================================================
RCS file: /home/cvs/acs/base/src/sys/net/iso88025.h,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 iso88025.h
--- net/iso88025.h 22 Mar 2002 04:11:00 -0000 1.1.1.1
+++ net/iso88025.h 30 Apr 2002 21:27:05 -0000
@@ -102,6 +102,15 @@
u_char fc;
};
+struct iso88025_sockaddr_dl_data {
+ u_short trld_rcf;
+ u_short *trld_route[RIF_MAX_LEN];
+};
+
+#define SDL_ISO88025(s) ((struct iso88025_sockaddr_dl_data *) \
+ ((s)->sdl_data + min((s)->sdl_nlen + \
+ (s)->sdl_alen + (s)->sdl_slen, 12)))
+
/*
* Structure of a 48-bit iso 802.5 address.
* ( We could also add the 16 bit addresses as a union)
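Review bot: `u_short *trld_route[RIF_MAX_LEN];` declares an array of pointers, whereas the field it replaces was `u_short sdl_route[16]`; it should be an array of `u_short`, e.g. `u_short trld_route[RIF_MAX_LEN];` (sized to match the old 16 entries if RIF_MAX_LEN, which is not visible here, is a byte count). With pointer elements the compiler will likely insert padding after `trld_rcf`, so the route no longer sits directly behind it, and `sizeof(trld_route)` can exceed the 34 bytes left in `sdl_data` past offset 12, which would make any bound check written against it wrong. Separately, `SDL_ISO88025` yields offset 12 only when the three lengths sum to at least 12. For smaller sums the offset is lower and can be odd, so the cast pointer may be misaligned for `u_short` access and is not at the old `sdl_rcf` position; a comment on the macro stating the intended offset would help.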
Index: netinet/if_ether.c
===================================================================
RCS file: /home/cvs/acs/base/src/sys/netinet/if_ether.c,v
retrieving revision 1.5
diff -u -r1.5 if_ether.c
--- netinet/if_ether.c 29 Mar 2002 20:33:57 -0000 1.5
+++ netinet/if_ether.c 30 Apr 2002 21:27:23 -0000
@@ -529,6 +529,7 @@
register struct arpcom *ac = (struct arpcom *)m->m_pkthdr.rcvif;
struct ether_header *eh;
struct iso88025_header *th = (struct iso88025_header *)0;
+ struct iso88025_sockaddr_dl_data *trld;
register struct llinfo_arp *la = 0;
register struct rtentry *rt;
struct ifaddr *ifa;
@@ -647,7 +648,6 @@
update:
(void)memcpy(LLADDR(sdl), ea->arp_sha, sizeof(ea->arp_sha));
sdl->sdl_alen = sizeof(ea->arp_sha);
- sdl->sdl_rcf = (u_short)0;
/*
* If we receive an arp from a token-ring station over
* a token-ring nic then try to save the source
@@ -655,13 +655,14 @@
*/
if (ac->ac_if.if_type == IFT_ISO88025) {
th = (struct iso88025_header *)m->m_pkthdr.header;
+ trld = SDL_ISO88025(sdl);
rif_len = TR_RCF_RIFLEN(th->rcf);
if ((th->iso88025_shost[0] & TR_RII) &&
(rif_len > 2)) {
- sdl->sdl_rcf = th->rcf;
- sdl->sdl_rcf ^= htons(TR_RCF_DIR);
- memcpy(sdl->sdl_route, th->rd, rif_len - 2);
- sdl->sdl_rcf &= ~htons(TR_RCF_BCST_MASK);
+ trld->trld_rcf = th->rcf;
+ trld->trld_rcf ^= htons(TR_RCF_DIR);
+ memcpy(trld->trld_route, th->rd, rif_len - 2);
+ trld->trld_rcf &= ~htons(TR_RCF_BCST_MASK);
/*
* Set up source routing information for
* reply packet (XXX)
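Review bot: `rif_len` in `memcpy(trld->trld_route, th->rd, rif_len - 2)` is derived from `th->rcf` in the received frame, and nothing in the hunk bounds it against the room left in `sdl_data` behind `trld`. The destination used to be a fixed 32-byte member; now the available room depends on the offset `SDL_ISO88025` picks, so I would make the limit explicit by adding `rif_len - 2 <= sizeof(trld->trld_route)` to the `if` condition (this relies on `trld_route` being declared as a `u_short` array). Whether `TR_RCF_RIFLEN` already caps the value cannot be seen from here. The block continues outside the hunk.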
@@ -675,9 +676,7 @@
m->m_data -= 8;
m->m_len += 8;
m->m_pkthdr.len += 8;
- th->rcf = sdl->sdl_rcf;
- } else {
- sdl->sdl_rcf = (u_short)0;
+ th->rcf = trld->trld_rcf;
}
if (rt->rt_expire)
rt->rt_expire = time_second + arpt_keep;
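Review bot: `th->rcf = trld->trld_rcf;` reads a field that the new code only writes in the RII branch of the previous hunk. The patch removes the unconditional `sdl->sdl_rcf = (u_short)0;` at `update:`, which is needed because those bytes can now hold name or address data on other interface types. But for a token-ring ARP that carries no routing information, `trld_rcf` then appears to keep whatever an earlier update or the buffer left there, unless lines not shown between the hunks reset it. I would add `trld->trld_rcf = 0;` directly after `trld = SDL_ISO88025(sdl);` inside the `IFT_ISO88025` block.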
