Date: Fri, 30 Apr 1999 11:25:52 +0200 (MET DST)
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To: luigi@labinfo.iet.unipi.it (Luigi Rizzo)
Cc: net@freebsd.org
Subject: Re: possible bug in udp_usrreq ?
Message-ID: <199904300925.LAA14634@labinfo.iet.unipi.it>
In-Reply-To: <199904300918.LAA14603@labinfo.iet.unipi.it> from "Luigi Rizzo" at Apr 30, 99 11:18:35 am
Whoops... I correct myself: the bug appears to be also in the code in
the Stevens book, the reference figure for the multicast case is 23.26
(I am Bcc-ing Richard just in case he knows already...) and maybe the
fix is slightly different from the one I propose, something like

    m->m_len -= iphdrlen + sizeof (struct udphdr) ;
    m->m_pkthdr.len -= iphdrlen + sizeof (struct udphdr) ;
    m->m_data += iphdrlen + sizeof (struct udphdr) ;

because we can't (probably) touch iphdrlen since it is already
incremented in the unicast section (unless they are mutually exclusive).

	cheers
	luigi

> Hi,
>
> I just noticed a possible bug in udp_usrreq.c:udp_input()
>
> When demuxing datagrams to udp socket, near line 199 of the file,
> there is the following section of code to skip the ip and udp
> headers:
>
>         /*
>          * Construct sockaddr format source address.
>          */
>         udp_in.sin_port = uh->uh_sport;
>         udp_in.sin_addr = ip->ip_src;
> -->     m->m_len -= sizeof (struct udpiphdr);
> -->     m->m_data += sizeof (struct udpiphdr);
>
> note, there is no update to m->m_pkthdr.len such as
>
>         m->m_pkthdr.len -= sizeof (struct udpiphdr);
>
> which in my opinion should be there, as it is instead done in the
> Stevens TCPIP/Ill.vol.2 pg 775 (fig.23.25) and also in the section
> of code related to unicast datagrams near line 313:
>
>         iphlen += sizeof(struct udphdr);
>         m->m_len -= iphlen;
>         m->m_pkthdr.len -= iphlen;
>         m->m_data += iphlen;
>
> Actually, looking at the differences, the multicast section of the
> code looks really broken and unable to handle ip options. It should
> be exactly the same as in the unicast case.
>
> Just for curiosity, I checked in the CVS tree and all revisions of
> udp_input() seem to have the same problem. Even my old 1.1.5
> machine also shows the same bug, so I wonder when the problem
> came out, maybe someone with access to older Berkeley sources can
> see when that happened ?
>
> 	cheers
> 	luigi
> -----------------------------------+-------------------------------------
>  Luigi RIZZO                       .
>  EMAIL: luigi@iet.unipi.it         . Dip. di Ing. dell'Informazione
>  HTTP://www.iet.unipi.it/~luigi/   . Universita` di Pisa
>  TEL/FAX: +39-050-568.533/522      . via Diotisalvi 2, 56126 PISA (Italy)
> -----------------------------------+-------------------------------------
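To make the inconsistency the thread describes concrete, the following is an added example, not code from the post or from the FreeBSD udp_input() source. It models a single-buffer mbuf with a hypothetical `struct mbuf_sim` (m_data, m_len and a flattened m_pkthdr_len; not the kernel's struct), builds a constructed IPv4+UDP datagram with an optional run of NOP options, and then applies the two header-stripping variants quoted above: the multicast-path form (fixed `sizeof(struct udpiphdr)`, no packet-header length update) and the unicast-path form (real IP header length, all three fields updated). A checker reports whether m_data now points at the UDP payload and m_pkthdr_len still agrees with m_len.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a one-buffer BSD mbuf; NOT the kernel's struct mbuf. */
struct mbuf_sim {
    unsigned char *m_data;   /* start of valid data inside buf */
    int m_len;               /* bytes of data in this buffer */
    int m_pkthdr_len;        /* total packet length, as in m->m_pkthdr.len */
    unsigned char buf[256];
};

#define IP_MINHLEN   20
#define UDP_HLEN     8
#define UDPIPHDR_LEN (IP_MINHLEN + UDP_HLEN)   /* what sizeof(struct udpiphdr) yields */

/* Constructed datagram: minimal IPv4 header, optlen bytes of NOP (type 1)
 * options, a UDP header with a correct length field, then the payload.
 * Returns the total datagram length. */
static int build_datagram(struct mbuf_sim *m, int optlen, const char *payload)
{
    int iphlen = IP_MINHLEN + optlen;
    int plen = (int)strlen(payload);
    unsigned char *p = m->buf;

    memset(m->buf, 0, sizeof m->buf);
    p[0] = (unsigned char)(0x40 | (iphlen / 4));   /* version 4, IHL in words */
    p[9] = 17;                                     /* protocol = UDP */
    memset(p + IP_MINHLEN, 0x01, (size_t)optlen);  /* NOP options */
    p[iphlen + 4] = (unsigned char)((UDP_HLEN + plen) >> 8);  /* UDP length */
    p[iphlen + 5] = (unsigned char)((UDP_HLEN + plen) & 0xff);
    memcpy(p + iphlen + UDP_HLEN, payload, (size_t)plen);

    m->m_data = m->buf;
    m->m_len = iphlen + UDP_HLEN + plen;
    m->m_pkthdr_len = m->m_len;
    return m->m_len;
}

/* Same arithmetic as the multicast section quoted in the post: a fixed
 * udpiphdr size, and no adjustment of the packet-header length. */
static void strip_headers_multicast_path(struct mbuf_sim *m)
{
    m->m_len -= UDPIPHDR_LEN;
    m->m_data += UDPIPHDR_LEN;
}

/* Same arithmetic as the unicast section quoted in the post: the IP header
 * length is read from IHL (so options are skipped) and all three fields move. */
static void strip_headers_unicast_path(struct mbuf_sim *m)
{
    int iphlen = (m->m_data[0] & 0x0f) * 4;
    iphlen += UDP_HLEN;
    m->m_len -= iphlen;
    m->m_pkthdr_len -= iphlen;
    m->m_data += iphlen;
}

/* 1 if, after stripping, the buffer holds exactly the payload and the packet
 * header length agrees with the buffer length; 0 otherwise. */
static int stripped_ok(const struct mbuf_sim *m, const char *payload)
{
    int plen = (int)strlen(payload);
    return m->m_len == plen
        && m->m_pkthdr_len == m->m_len
        && memcmp(m->m_data, payload, (size_t)plen) == 0;
}

/* Build a datagram with optlen option bytes, strip with the chosen variant,
 * and report whether the result is consistent. */
static int check_path(int use_unicast_path, int optlen)
{
    struct mbuf_sim m;
    const char *payload = "hello";   /* constructed sample payload */

    build_datagram(&m, optlen, payload);
    if (use_unicast_path)
        strip_headers_unicast_path(&m);
    else
        strip_headers_multicast_path(&m);
    return stripped_ok(&m, payload);
}

int main(void)
{
    printf("unicast-style strip,   no options: %s\n", check_path(1, 0) ? "ok" : "BROKEN");
    printf("unicast-style strip,   4 opt bytes: %s\n", check_path(1, 4) ? "ok" : "BROKEN");
    printf("multicast-style strip, no options: %s\n", check_path(0, 0) ? "ok" : "BROKEN");
    printf("multicast-style strip, 4 opt bytes: %s\n", check_path(0, 4) ? "ok" : "BROKEN");
    return 0;
}
```

Without options the multicast-style strip leaves m_data and m_len correct but m_pkthdr_len still counting the 28 stripped header bytes; with options it also lands m_data inside the UDP header rather than at the payload, which is the "unable to handle ip options" point made in the quoted message. Anything downstream that trusts the packet-header length after the strip sees a datagram larger than the data actually present.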