Date:      Fri, 30 Apr 1999 11:25:52 +0200 (MET DST)
From:      Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To:        luigi@labinfo.iet.unipi.it (Luigi Rizzo)
Cc:        net@freebsd.org
Subject:   Re: possible bug in udp_usrreq ?
Message-ID:  <199904300925.LAA14634@labinfo.iet.unipi.it>
In-Reply-To: <199904300918.LAA14603@labinfo.iet.unipi.it> from "Luigi Rizzo" at Apr 30, 99 11:18:35 am

Whoops...
i correct myself: the bug appears to be also in the code in the
Stevens book, the reference figure for the multicast case is 23.26
(I am Bcc-ing Richard just in case he knows already...)

and maybe the fix is slightly different than the one i propose,
something like

    m->m_len -= iphdrlen + sizeof (struct udphdr) ;
    m->m_pkthdr.len -= iphdrlen + sizeof (struct udphdr) ;
    m->m_data += iphdrlen + sizeof (struct udphdr) ;

because we can't (probably) touch iphdrlen since it is already
incremented in the unicast section (unless they are mutually
exclusive).

	cheers
	luigi

> Hi,
> 
> i just noticed a possible bug in udp_usrreq.c:udp_input()
> 
> When demuxing datagrams to udp socket, near line 199 of the file,
> there is the following section of code to skip the ip and udp
> headers:
> 
> 	/*
> 	 * Construct sockaddr format source address.
> 	 */
> 	udp_in.sin_port = uh->uh_sport;
> 	udp_in.sin_addr = ip->ip_src;
>  -->	m->m_len -= sizeof (struct udpiphdr);
>  -->	m->m_data += sizeof (struct udpiphdr);
> 
> note, there is no update to m->m_pkthdr.len such as
> 
> 	m->m_pkthdr.len -= sizeof (struct udpiphdr);
> 
> which in my opinion should be there, as it is instead done in the
> Stevens TCPIP/Ill.vol.2 pg 775 (fig.23.25) and also in the section
> of code related to unicast datagrams near line 313:
> 
>         iphlen += sizeof(struct udphdr);
>         m->m_len -= iphlen;
>         m->m_pkthdr.len -= iphlen;
>         m->m_data += iphlen;
> 
> Actually, looking at the differences, the multicast section of the
> code looks really broken and unable to handle ip options. It should
> be exactly the same as in the unicast case.
> 
> Just for curiosity, i checked in the CVS tree and all revisions of
> udp_input() seem to have the same problem. Even my old 1.1.5
> machine also shows the same bug, so i wonder when the problem
> came out, maybe someone with access to older Berkeley sources can
> see when that happened ?
> 
> 	cheers
> 	luigi
> -----------------------------------+-------------------------------------
>   Luigi RIZZO                      .
>   EMAIL: luigi@iet.unipi.it        . Dip. di Ing. dell'Informazione
>   HTTP://www.iet.unipi.it/~luigi/  . Universita` di Pisa
>   TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
> -----------------------------------+-------------------------------------
> 
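
Added example (not part of the original message and not FreeBSD code): a user-space C model of the quoted multicast adjustment next to the adjustment proposed in the reply, run on a constructed datagram whose IP header carries 4 bytes of options. struct pkt, the function names, the size constants and the sample bytes are assumptions for illustration; the model assumes a single mbuf and that the IP options are still in front of the UDP header when the adjustment runs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified single-mbuf model for illustration; NOT the kernel's struct mbuf. */
struct pkt {
    uint8_t *m_data;     /* like m->m_data       */
    int      m_len;      /* like m->m_len        */
    int      pkthdr_len; /* like m->m_pkthdr.len */
};
enum { UDPHDR_LEN = 8, UDPIPHDR_LEN = 28 }; /* sizeof udphdr, sizeof udpiphdr */

/* Multicast-path adjustment as quoted: fixed size, m_pkthdr.len untouched. */
static void strip_multicast_quoted(struct pkt *m)
{
    m->m_len  -= UDPIPHDR_LEN;
    m->m_data += UDPIPHDR_LEN;
}

/* Adjustment proposed in the reply: actual IP header length, all three fields. */
static void strip_proposed(struct pkt *m, int iphdrlen)
{
    m->m_len      -= iphdrlen + UDPHDR_LEN;
    m->pkthdr_len -= iphdrlen + UDPHDR_LEN;
    m->m_data     += iphdrlen + UDPHDR_LEN;
}

/* Constructed datagram: 24-byte IP header (IHL=6), 8-byte UDP header, "PING" at offset 32. */
static uint8_t wire[36];

/* Returns a bitmask: 1 = m_len != m_pkthdr.len, 2 = m_data not at the payload. */
static int run(int use_proposed)
{
    memset(wire, 0, sizeof wire);
    wire[0] = 0x46;                        /* version 4, IHL 6 words */
    memcpy(wire + 32, "PING", 4);
    struct pkt m = { wire, (int)sizeof wire, (int)sizeof wire };
    int iphdrlen = (wire[0] & 0x0f) << 2;  /* IHL in bytes: 24 */
    if (use_proposed) strip_proposed(&m, iphdrlen);
    else strip_multicast_quoted(&m);
    return (m.m_len != m.pkthdr_len) | ((m.m_data != wire + 32) << 1);
}

int main(void)
{
    printf("quoted multicast path: defects=%d\n", run(0));
    printf("proposed adjustment:   defects=%d\n", run(1));
    return 0;
}
```

With the quoted sequence the socket layer would see 4 option bytes as the start of the payload and a packet-header length that still counts the stripped headers; with the proposed sequence both lengths agree and the data pointer sits on the payload.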


