From owner-freebsd-net Fri Apr 30 7:21:27 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
	by hub.freebsd.org (Postfix) with SMTP id 698A7152A7;
	Fri, 30 Apr 1999 07:20:42 -0700 (PDT)
	(envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost)
	by labinfo.iet.unipi.it (8.6.5/8.6.5) id LAA14603;
	Fri, 30 Apr 1999 11:18:55 +0200
From: Luigi Rizzo
Message-Id: <199904300918.LAA14603@labinfo.iet.unipi.it>
Subject: possible bug in udp_usrreq ?
To: net@freebsd.org
Date: Fri, 30 Apr 1999 11:18:54 +0200 (MET DST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1691
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I just noticed a possible bug in udp_usrreq.c:udp_input()

When demuxing datagrams to udp socket, near line 199 of the file,
there is the following section of code to skip the ip and udp headers:

        /*
         * Construct sockaddr format source address.
         */
        udp_in.sin_port = uh->uh_sport;
        udp_in.sin_addr = ip->ip_src;
    --> m->m_len -= sizeof (struct udpiphdr);
    --> m->m_data += sizeof (struct udpiphdr);

note, there is no update to m->m_pkthdr.len such as

        m->m_pkthdr.len -= sizeof (struct udpiphdr);

which in my opinion should be there, as it is instead done in the
Stevens TCPIP/Ill.vol.2 pg 775 (fig.23.25) and also in the section of
code related to unicast datagrams near line 313:

        iphlen += sizeof(struct udphdr);
        m->m_len -= iphlen;
        m->m_pkthdr.len -= iphlen;
        m->m_data += iphlen;

Actually, looking at the differences, the multicast section of the
code looks really broken and unable to handle ip options. It should be
exactly the same as in the unicast case.

Just for curiosity, I checked in the CVS tree and all revisions of
udp_input() seem to have the same problem. Even my old 1.1.5 machine
also shows the same bug, so I wonder when the problem came out, maybe
someone with access to older Berkeley sources can see when that
happened ?

	cheers
	luigi
-----------------------------------+-------------------------------------
  Luigi RIZZO                      .
  EMAIL: luigi@iet.unipi.it        . Dip. di Ing. dell'Informazione
  HTTP://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
-----------------------------------+-------------------------------------
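
The length bookkeeping discussed in the message above, as an added example that is not part of the original mail and is not FreeBSD source. The structs are simplified stand-ins for the kernel mbuf, and UDPIPHDR_LEN, skip_hdr_multicast, skip_hdr_unicast, pkthdr_skew and skew_after are hypothetical names; the header size assumes no IP options.

```c
#include <stdio.h>

/* Simplified stand-ins for the mbuf fields named in the message (assumed layout). */
struct pkthdr { int len; };             /* total bytes in the whole packet */
struct mbuf {
    struct mbuf  *m_next;               /* next buffer of the same packet */
    char         *m_data;               /* start of valid data in this buffer */
    int           m_len;                /* valid bytes in this buffer */
    struct pkthdr m_pkthdr;             /* meaningful in the first mbuf only */
};

#define UDPIPHDR_LEN 28  /* assumed: 20-byte IP header (no options) + 8-byte UDP header */

/* Header skip as quoted for the multicast path: m_pkthdr.len is left alone. */
static void skip_hdr_multicast(struct mbuf *m) {
    m->m_len  -= UDPIPHDR_LEN;
    m->m_data += UDPIPHDR_LEN;
}

/* Header skip as quoted for the unicast path: all three fields move together. */
static void skip_hdr_unicast(struct mbuf *m, int iphlen) {
    iphlen += 8;                        /* stands in for sizeof(struct udphdr) */
    m->m_len        -= iphlen;
    m->m_pkthdr.len -= iphlen;
    m->m_data       += iphlen;
}

/* Invariant: m_pkthdr.len equals the sum of m_len over the chain.
 * Returns pkthdr.len minus that sum (0 means consistent). */
static int pkthdr_skew(const struct mbuf *m) {
    int sum = 0;
    for (const struct mbuf *p = m; p != NULL; p = p->m_next)
        sum += p->m_len;
    return m->m_pkthdr.len - sum;
}

/* Build a constructed 2-mbuf datagram (headers + 100 payload bytes, then 50
 * more), apply one of the two skips, and report the resulting skew. */
static int skew_after(int use_unicast) {
    static char b0[128], b1[50];
    struct mbuf m1 = { NULL, b1, 50, { 0 } };
    struct mbuf m0 = { &m1, b0, UDPIPHDR_LEN + 100, { UDPIPHDR_LEN + 150 } };
    if (use_unicast) skip_hdr_unicast(&m0, 20); else skip_hdr_multicast(&m0);
    return pkthdr_skew(&m0);
}

int main(void) {
    printf("multicast skew: %d, unicast skew: %d\n", skew_after(0), skew_after(1));
    return 0;
}
```

Any consumer that trusts m_pkthdr.len as the payload size after the multicast-style skip sees 28 bytes more than the chain actually holds.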