From owner-freebsd-net Wed Jun 30 20:46:59 1999 Delivered-To: freebsd-net@freebsd.org Received: from public1.ptt.js.cn (unknown [202.102.13.144]) by hub.freebsd.org (Postfix) with ESMTP id 2A7FC14CBE; Wed, 30 Jun 1999 20:45:21 -0700 (PDT) (envelope-from witman@iname.com) Received: from heart (tnt3-66-215.nj.js.cn [202.102.66.215]) by public1.ptt.js.cn (8.9.1/8.9.1) with SMTP id KAA19052; Thu, 1 Jul 1999 10:41:53 +0800 (CST) Message-ID: <000101bec374$30e06eb0$010000c8@heart.witman.com> From: "Witman Peng" To: Cc: Subject: IP reassemble fails if it contains more that 20 bytes options? Date: Thu, 1 Jul 1999 11:42:50 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="GB2312" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, All I am developing an application based on 4.4BSD-Lite source code. When I port the code in file netinet/ip_input.c, I found a problem. But I have no chance to install FreeBSD and test it, so I am not sure whether it'a bug or not. The following are the code to reassemble the IP fragments from ip_input.c: From routine ipintr: if (ip->ip_off &~ IP_DF) { if (m->m_flags & M_EXT) { /* XXX */ if ((m = m_pullup(m, sizeof (struct ip))) == 0) { ipstat.ips_toosmall++; goto next; } ip = mtod(m, struct ip *); } From routine ip_reass: int hlen = ip->ip_hl << 2; int i, next; m->m_data += hlen; m->m_len -= hlen; Suppose a fragment with more that 208 bytes and 40 bytes IP option, it will be stored in the cluster but not mbuf. In routine ipintr, function pullup just pullup sizeof(struct ip) (maybe 40 bytes for tcp header) bytes into a new mbuf. However, the IP header is 60 (20 + 40) bytes, so the complete IP header cannot be stored in this mbuf. Then in routine ip_reass, after run the above code, m->m_data will pointer to an incorrect address. Dose it seems right? Any inputs would be apprecaited. BR, Witman Peng To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message