From: Robert Watson
Date: Mon, 23 Feb 2009 23:32:56 +0000 (GMT)
To: david guéluy
Cc: freebsd-net@freebsd.org
Subject: Re: bad usage of the shutdown system call produce a packet with null ip addresses

On Mon, 23 Feb 2009, david guéluy wrote:

> By using a PFIL_HOOK on FreeBSD 7.1-prerelease, I notice that I receive some
> packets from 0.0.0.0 to 0.0.0.0.
>
> A buggy program in userland produces these packets when the shutdown system
> call is used on a socket which is not connected.
>
> Even if it's a bad usage of a system call, this case can produce strange
> behaviours, I think it's necessary to add some checks in tcp_usr_shutdown.
>
> Here is a short sample to reproduce that case:

Definitely a bug -- could I ask you to file a PR on this, and forward me the PR
receipt from GNATS? I can take a look at this, but probably not for a week or
so and don't want to lose track of it. Most likely this is a result of the
changes to add INP_DROPPED and make the inpcb persist after disconnect, in some
way or another.

Robert N M Watson
Computer Laboratory
University of Cambridge

>
> test.c
>
> #include <sys/socket.h>
> #include <unistd.h>
>
> int main(void)
> {
>         int fd;
>
>         fd = socket(AF_INET, SOCK_STREAM, 0);
>         if (fd == -1)
>                 return 1;
>         /* the socket was never connected */
>         shutdown(fd, SHUT_RDWR);
>         close(fd);
>         return 0;
> }
>
> Add some debug in the kernel
>
> [usr/src/sys/netinet]# diff -C4 ip_output.c.origin ip_output.c > *** ip_output.c.origin Mon Feb 23 10:27:52 2009 > --- ip_output.c Fri Feb 20 15:23:39 2009 > *************** > *** 135,142 **** > --- 135,151 ---- > hlen = len; > } > ip = mtod(m, struct ip *); > > + #define PRINTIP(a) printf("%u.%u.%u.%u", (unsigned)ntohl(a)>>24&0xFF, > (unsigned)ntohl(a)>>16&0xFF, (unsigned)ntohl(a)>>8&0xFF, > (unsigned)ntohl(a)&0xFF) > + > + if (m->m_pkthdr.rcvif != NULL) > + printf(" if %s ", m->m_pkthdr.rcvif->if_xname); > + printf(" proto %d src ", (int)ip->ip_p); > PRINTIP(ip->ip_src.s_addr); > + printf(" dst "); PRINTIP(ip->ip_dst.s_addr); > + printf(" ttl %u\n", (unsigned)ip->ip_ttl); > + > +
>
> ./test
> proto 6 src 0.0.0.0 dst 0.0.0.0 ttl 64
>
> Best regards,
> Guéluy David
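
Review bot: The printf block added after `ip = mtod(m, struct ip *);` in ip_output.c runs for every outbound IP packet, so on a busy host the console output will bury the 0.0.0.0 case being chased; gating it on `ip->ip_src.s_addr == INADDR_ANY` would log only the suspect packets. PRINTIP also expands its unparenthesized argument four times and calls ntohl() on each expansion; converting once into a local and shifting that value would be easier to read and safe for non-trivial arguments. The instrumentation only observes the packet; the check in tcp_usr_shutdown proposed in the message is not part of this diff.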
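
The userland side of this report, as an added example that is not part of the original thread: a guard that only calls shutdown() on a socket that has a peer, run over the reproducer's sequence and over a connected pair. `shutdown_if_connected`, `unconnected_case` and `connected_case` are hypothetical names, and the AF_UNIX socketpair is an assumption used only to obtain a connected stream socket without network access.

```c
#include <errno.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread): skip shutdown() on a stream
 * socket with no peer, so the kernel never handles the unconnected case. */
int shutdown_if_connected(int fd, int how)
{
    struct sockaddr_storage peer;
    socklen_t len = sizeof(peer);

    /* getpeername() fails with ENOTCONN when the socket is not connected. */
    if (getpeername(fd, (struct sockaddr *)&peer, &len) == -1)
        return -1;
    return shutdown(fd, how);
}

/* Same sequence as the reproducer, routed through the guard.
 * Returns the errno reported, 0 if the call unexpectedly succeeded,
 * or -1 if the socket could not be created. */
int unconnected_case(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int err = 0;

    if (fd == -1)
        return -1;
    if (shutdown_if_connected(fd, SHUT_RDWR) == -1)
        err = errno;
    close(fd);
    return err;
}

/* Connected stream pair (constructed test input): shutdown must still work. */
int connected_case(void)
{
    int sv[2], rc;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    rc = shutdown_if_connected(sv[0], SHUT_RDWR);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    return (unconnected_case() == ENOTCONN && connected_case() == 0) ? 0 : 1;
}
```

The guard protects only the calling program; the peer can still disconnect between the two calls, so the kernel-side check discussed in the thread remains necessary.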