Date: Tue, 24 Dec 1996 07:00:37 +0100 (MET) From: Juergen Lock <nox@jelal.hb.north.de> To: isdn@muc.ditec.de Cc: hackers@freebsd.org Subject: ping o'death, variation on a theme... and less deadly things (bisdn) Message-ID: <199612240600.HAA21312@saturn.hb.north.de>
[Not sure why this didn't go out the first time so i'm sending it again. sorry to anyone who already saw it...] And you thoght BSD's ip is immune to those right? :) I still haven't got around tracking this down further but here is what happens: 2.1.6-stable kernel with bisdn-0.97 and bpf, start tcpdump -i ipi0 then send it a 32k ping from the other end (a dos ka9q + ispa in this case). you see the fragments coming in and then it dies, apparently having overwritten the stack trying to copy the entire(?) outgoing packet to bpf. Also the bisdntrc didnt start properly with the included start_if script, this is what i'm using now: (and its running just perfect as long as i leave bpf alone. i like it!)
Index: sys-i386-isa/teles.c
@@ -563,6 +563,10 @@
chan_t *chan = &sc->sc_chan[c]; caddr_t hscx = chan->hscx;
+ /* tel_init gets called from all over the place. We don't want an */
+ /* interrupt to occur in the middle of changing these pointers */
+ /* mask all interrupts */
+ (*sc->put)(hscx, 0x20, 0xff); /* MASK */
if (chan->obuf) m_freem(chan->obuf); if (chan->ibuf)
Index: sys-bisdn/b_isdnipi.c
@@ -444,6 +444,7 @@
register struct mbuf *m1 = m; register u_char *cp = bpfbuf;
+ u_int left = sizeof(bpfbuf) - 4;
u_int af = dst->sa_family; /* prepend the address family to bpf buffer */
@@ -455,10 +456,12 @@
{ register int mlen = m1->m_len;
+ if (mlen > left)
+ mlen = left;
bcopy(mtod(m1, caddr_t), cp, mlen); cp += mlen; len += mlen;
- } while((m1 = m1->m_next) != NULL);
+ } while((m1 = m1->m_next) != NULL && left > 0);
} #endif /* NBPFILTER */
Index: bisdntrc/bisdntrc.c
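Review bot: In the teles.c hunk, the new write `(*sc->put)(hscx, 0x20, 0xff); /* MASK */` masks the HSCX interrupts, but nothing in the visible lines shows where the mask is lifted again or whether every path through tel_init does so. The function starts and ends outside the hunk, so this may well be handled further down; if it is, the comment should say so, for example `/* mask HSCX interrupts while the buffer pointers change; unmasked again when MASK is rewritten below */`. The three one-line comments would also read better as a single block comment.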
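Review bot: In the second b_isdnipi.c hunk the copy loop clamps `mlen` to `left`, but `left` is never reduced after the `bcopy`, so the clamp only bounds each individual mbuf and the added `left > 0` test never ends the loop. A chain of several mbufs can therefore still advance `cp` past the end of `bpfbuf`, which is the overwrite the mail describes. Adding `left -= mlen;` next to `cp += mlen;` makes both the clamp and the loop condition effective. `left` is initialised in the previous hunk as `sizeof(bpfbuf) - 4`, presumably to leave room for the address-family prefix written before the loop, and that hunk needs no other change. `mlen` is an `int` compared with a `u_int`, so declaring it unsigned or casting in `if (mlen > left)` would keep the comparison free of sign-conversion surprises.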
@@ -148,7 +148,23 @@
} }
+#if 1
+ if((setvbuf(stdout, (char *)NULL, _IOLBF, 0)) != 0)
+ {
+ char buffer[80];
+
+ sprintf(buffer, "Error setting stdout to line-buffered");
+ perror(buffer);
+ exit(1);
+ }
+ if (signal(SIGHUP, catchsig) == SIG_IGN) {
+ /* write(1, "signal(SIGHUP, SIG_IGN)\n",
+ sizeof "signal(SIGHUP, SIG_IGN)\n" - 1); */
+ signal(SIGHUP, SIG_IGN);
+ };
+#else
(void) signal(SIGHUP, catchsig);
+#endif
(void) signal(SIGTERM, catchsig); (void) signal(SIGKILL, catchsig); (void) signal(SIGINT, catchsig);
Index: etc/start_if.ipi0
@@ -1,3 +1,4 @@
+#! /bin/sh
#--------------------------------------------------------------------------- # # /etc/start_if.ipi0 - startup script for bisdn daemon
@@ -10,7 +11,8 @@
# output device for fullscreen mode out_dev=/dev/ttyv6 # terminal type for fullscreen mode
-out_typ=pcvt25h
+#out_typ=pcvt25h
+out_typ=cons25
# enable lowlevel ISDN tracing isdn_trace=YES
@@ -18,10 +20,10 @@
echo '---------- enter /etc/start_if.ipi0 -----------------------------------'
-if [ -f /etc/rc.ipfw ]
-then
- sh /etc/rc.ipfw
-fi
+#if [ -f /etc/rc.ipfw ]
+#then
+# sh /etc/rc.ipfw
+#fi
# start the isdn daemon if [ -x /usr/local/bin/bisdnd ]
@@ -36,7 +38,8 @@
if [ -x /usr/local/bin/bisdntrc -a X${isdn_trace} = X"YES" ] then echo 'starting ISDN tracing ...'
- nohup /usr/local/bin/bisdntrc -n4 -r -o/tmp/isdn.trace >/dev/null 2>&1 &
+ #nohup /usr/local/bin/bisdntrc -n4 -r -o/tmp/isdn.trace >/dev/null 2>&1 &
+ (cd /etc/bisdn; sh -c 'nohup /usr/local/bin/bisdntrc -n4 -r >>/var/log/bisdn/isdn.trace 2>&1 &')
sleep 1 fi
thanx + cheers, Juergen
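Review bot: The SIGHUP handling in the bisdntrc.c hunk installs `catchsig` first and restores `SIG_IGN` afterwards, which leaves a short window in which a process started under nohup would still run the handler on a hangup. Probing with the ignore disposition avoids that: `if (signal(SIGHUP, SIG_IGN) != SIG_IGN) (void) signal(SIGHUP, catchsig);`. In the setvbuf branch the 80-byte `buffer` and the `sprintf` add nothing, since `perror("Error setting stdout to line-buffered");` prints the same text. The `#if 1`/`#else` pair keeps the old call as dead code and could be dropped along with the stray `;` after the closing brace.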
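Review bot: The start_if.ipi0 hunk at `@@ -18,10 +20,10 @@` comments out the `/etc/rc.ipfw` call, so anyone applying this patch as posted no longer has this script load the ipfw rules. This looks like a local preference rather than part of the tracing fix. It would be safer to leave the block in, or to gate it on a setting in the style of `isdn_trace`, for example `if [ -f /etc/rc.ipfw -a X${load_ipfw} = X"YES" ]`, where `load_ipfw` is a new variable proposed here. The `out_typ` change in the previous hunk is the same kind of site-specific edit and should be called out as such in a comment.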
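Review bot: In the last start_if.ipi0 hunk the subshell runs `cd /etc/bisdn;` and carries on even if the directory is missing, so bisdntrc would then start in whatever directory the script was invoked from. Writing `cd /etc/bisdn &&` makes a failed cd stop the launch. A comment should also state that `/var/log/bisdn` has to exist, because the `>>` redirection fails otherwise and the tracer is never started. The commented-out old `nohup` line can be deleted rather than carried along.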