Date: Wed, 17 Jan 2007 12:09:53 -0500 From: John Baldwin <jhb@freebsd.org> To: freebsd-current@freebsd.org Cc: Luigi Rizzo <rizzo@icir.org>, current@freebsd.org Subject: Re: [bug found] Re: byte swapped udp length in diskless bootp request ? Message-ID: <200701171209.54142.jhb@freebsd.org> In-Reply-To: <20061201100821.A85139@xorpc.icir.org> References: <20061130105537.A69725@xorpc.icir.org> <20061201100821.A85139@xorpc.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 01 December 2006 13:08, Luigi Rizzo wrote: > On Thu, Nov 30, 2006 at 10:55:37AM -0800, Luigi Rizzo wrote: > > i was just trying to diskless-boot a -current kernel, > > and when it was time for the kernel to acquire the address > > i was getting the usual > > > > DHCP/BOOTP timeout for server 255.255.255.255 > > > > Usually it is because of lack of connectivity, but > > a bit of inspection on the server showed (as you can see > > below) that the UDP len field is byte-swapped - the 05bc > > in the packet is in little-endian format, causing the > > server to reject it. > > [ actually, it is the IP len that is byte-swapped ] > > > I am trying to follow the code in sys/nfsclient/bootp_subr.c > > (which should send the packet) but it seemd to call sosend() > > (at line 755) to generate the packet, so it looks really strange > > that the bug is in such a central place... any ideas ? > > as a followup: > > Downgrading sys/kern/uipc_socket.c to version 1.284 make HEAD > work again with in-kernel bootp.. > > i managed to locate the bug in the following commit: > > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/uipc_socket.c.diff?r1=1.284&r2=1.285 > > Revision 1.285 Thu Nov 2 17:45:28 2006 UTC (4 weeks ago) by andre > Branch: MAIN > Changes since 1.284: +29 -1 lines > Diff to previous 1.284 (colored) > > Use the improved m_uiotombuf() function instead of home grown sosend_copyin() > to do the userland to kernel copying in sosend_generic() and sosend_dgram(). > > sosend_copyin() is retained for ZERO_COPY_SOCKETS which are not yet supported > by m_uiotombuf(). > > I don't know exactly where the problem is, but the bug i found is triggered > by in-kernel sockets (such as the one used by the internal bootp client) > so maybe this was a case not tested by andre. > > I am unclear on where is the actual bug. hopefully something simple... Does the bootp code try to send a 0 byte packet per chance? -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701171209.54142.jhb>