Date: Wed, 12 Oct 2005 07:54:13 GMT From: Rickard Lind <rickard.lind@ntier.se> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/87306: IP_PORTRANGE_HIGH causes bad UDP checksum Message-ID: <200510120754.j9C7sDOZ098623@www.freebsd.org> Resent-Message-ID: <200510120800.j9C80MMA050483@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 87306 >Category: kern >Synopsis: IP_PORTRANGE_HIGH causes bad UDP checksum >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Oct 12 08:00:22 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Rickard Lind >Release: 5.4 >Organization: NTier Solutions >Environment: FreeBSD nevermind 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: Due to a mixup of two fields, setting the socket option IP_PORTRANGE_HIGH on a UDP socket in order to bind a high (random) port affects the checksum calculation such that the resulting checksum is incorrect. >How-To-Repeat: Create a UDP (SOCK_DGRAM) socket. Set the IP_PORTRANGE_HIGH socket option. Bind with a zero port. Send some data to another host. Ethereal on the receiveing host reports the UDP checksum as incorrect. >Fix: The problem is that the flag INP_ONESBCAST has the same value (0x10) as the flag INP_HIGHPORT in sys/netinet/in_pcb.h, and INP_ONESBCAST is tested against the inp_flags field (in sys/netinet/udp_usrreq.c and sys/netinet/raw_ip.c) when it SHOULD be tested against the inp_vflag field. This causes the checksum calculation on line 867 in udp_usrreq.c to use the broadcast address leading to an incorrect checksum. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510120754.j9C7sDOZ098623>