From owner-freebsd-net@FreeBSD.ORG Wed Oct 1 16:59:05 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2904F602 for ; Wed, 1 Oct 2014 16:59:05 +0000 (UTC) Received: from mail-n.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail-n.franken.de", Issuer "Thawte DV SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E221B5EE for ; Wed, 1 Oct 2014 16:59:04 +0000 (UTC) Received: from [192.168.1.102] (p508F3C1B.dip0.t-ipconnect.de [80.143.60.27]) (Authenticated sender: macmic) by mail-n.franken.de (Postfix) with ESMTP id C1C161C0E978B for ; Wed, 1 Oct 2014 18:59:00 +0200 (CEST) From: Michael Tuexen Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: UDP/IPv6 handling Message-Id: Date: Wed, 1 Oct 2014 18:58:58 +0200 To: FreeBSD Net Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) X-Mailer: Apple Mail (2.1878.6) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Oct 2014 16:59:05 -0000 Dear all, in udp6_input() we have the following code: if (nxt =3D=3D IPPROTO_UDP && plen !=3D ulen) { UDPSTAT_INC(udps_badlen); goto badunlocked; }=20 /* * Checksum extended UDP header and data. */ if (uh->uh_sum =3D=3D 0) { if (ulen > plen || ulen < sizeof(struct udphdr)) { UDPSTAT_INC(udps_nosum); goto badunlocked; } } I'm trying to understand the UDP code path... So (ulen > plen) can't be true. I'm wondering why do we only check the = ulen is not too short only in the case when the UDP checksum is zero. A zero checksum = should also never happen. I think we should check for ulen < sizeof(struct udphdr) in any case. Opinions? Best regards Michael=