From: Luigi Rizzo
Message-Id: <199904300925.LAA14634@labinfo.iet.unipi.it>
Subject: Re: possible bug in udp_usrreq ?
To: luigi@labinfo.iet.unipi.it (Luigi Rizzo)
Date: Fri, 30 Apr 1999 11:25:52 +0200 (MET DST)
Cc: net@freebsd.org
In-Reply-To: <199904300918.LAA14603@labinfo.iet.unipi.it> from "Luigi Rizzo" at Apr 30, 99 11:18:35 am

Whoops... i correct myself: the bug appears to be also in the code in
the Stevens book, the reference figure for the multicast case is 23.26
(I am Bcc-ing Richard just in case he knows already...)

and maybe the fix is slightly different than the one i propose,
something like

    m->m_len -= iphdrlen + sizeof (struct udphdr) ;
    m->m_pkthdr.len -= iphdrlen + sizeof (struct udphdr) ;
    m->m_data += iphdrlen + sizeof (struct udphdr) ;

because we can't (probably) touch iphdrlen since it is already
incremented in the unicast section (unless they are mutually exclusive).

    cheers
    luigi

> Hi,
>
> i just noticed a possible bug in udp_usrreq.c:udp_input()
>
> When demuxing datagrams to udp socket, near line 199 of the file,
> there is the following section of code to skip the ip and udp
> headers:
>
>         /*
>          * Construct sockaddr format source address.
>          */
>         udp_in.sin_port = uh->uh_sport;
>         udp_in.sin_addr = ip->ip_src;
> -->     m->m_len -= sizeof (struct udpiphdr);
> -->     m->m_data += sizeof (struct udpiphdr);
>
> note, there is no update to m->m_pkthdr.len such as
>
>         m->m_pkthdr.len -= sizeof (struct udpiphdr);
>
> which in my opinion should be there, as it is instead done in the
> Stevens TCPIP/Ill.vol.2 pg 775 (fig.23.25) and also in the section
> of code related to unicast datagrams near line 313:
>
>         iphlen += sizeof(struct udphdr);
>         m->m_len -= iphlen;
>         m->m_pkthdr.len -= iphlen;
>         m->m_data += iphlen;
>
> Actually, looking at the differences, the multicast section of the
> code looks really broken and unable to handle ip options. It should
> be exactly the same as in the unicast case.
>
> Just for curiosity, i checked in the CVS tree and all revisions of
> udp_input() seem to have the same problem. Even my old 1.1.5
> machine also shows the same bug, so i wonder when the problem
> came out, maybe someone with access to older Berkeley sources can
> see when that happened ?
>
>         cheers
>         luigi
> -----------------------------------+-------------------------------------
>   Luigi RIZZO                      .
>   EMAIL: luigi@iet.unipi.it        . Dip. di Ing. dell'Informazione
>   HTTP://www.iet.unipi.it/~luigi/  . Universita` di Pisa
>   TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
> -----------------------------------+-------------------------------------
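
The two header-skipping sequences quoted in the message above, run on a simplified stand-in for the mbuf so the resulting length and data-pointer state can be compared. This is an added example, not part of the original post or of the FreeBSD sources; `toy_mbuf`, `pkthdr_len`, `run_case` and the packet sizes are assumptions, and the 24-byte case assumes an IP header with options reaches this code.

```c
#include <stdio.h>
/* Simplified stand-in for struct mbuf: only the fields the thread discusses. */
struct toy_mbuf {
    unsigned char *m_data;  /* start of valid data */
    int m_len;              /* bytes of data in this mbuf */
    int pkthdr_len;         /* stands in for m_pkthdr.len (whole packet) */
};
#define UDP_HDR_LEN  8      /* sizeof(struct udphdr) */
#define UDPIPHDR_LEN 28     /* sizeof(struct udpiphdr): 20-byte IP overlay + UDP header */

/* Multicast sequence as quoted: fixed-size skip, m_pkthdr.len untouched. */
static void strip_fixed(struct toy_mbuf *m)
{
    m->m_len -= UDPIPHDR_LEN;
    m->m_data += UDPIPHDR_LEN;
}

/* Unicast sequence as quoted: actual IP header length plus the UDP header. */
static void strip_by_iphlen(struct toy_mbuf *m, int iphlen)
{
    iphlen += UDP_HDR_LEN;
    m->m_len -= iphlen;
    m->pkthdr_len -= iphlen;
    m->m_data += iphlen;
}

/* Strip a constructed single-mbuf datagram; return a bitmask of what went wrong:
 * 1 = m_len and packet length disagree, 2 = m_data is not at the UDP payload. */
static int run_case(int iphlen, int payload_len, int use_fixed)
{
    static unsigned char buf[128];   /* constructed packet buffer */
    int total = iphlen + UDP_HDR_LEN + payload_len;
    struct toy_mbuf m = { buf, total, total };
    if (use_fixed)
        strip_fixed(&m);
    else
        strip_by_iphlen(&m, iphlen);
    return (m.m_len != m.pkthdr_len ? 1 : 0) |
           (m.m_data != buf + iphlen + UDP_HDR_LEN ? 2 : 0);
}

int main(void)
{
    printf("fixed,  20-byte IP header: %d\n", run_case(20, 16, 1));
    printf("fixed,  24-byte IP header: %d\n", run_case(24, 16, 1));
    printf("iphlen, 20-byte IP header: %d\n", run_case(20, 16, 0));
    printf("iphlen, 24-byte IP header: %d\n", run_case(24, 16, 0));
    return 0;
}
```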