Date: Mon, 30 Mar 1998 16:28:39 -0500 (EST) From: eric@ennovatenetworks.com To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: misc/6177: IP reassembly fails when some options present Message-ID: <199803302128.QAA00502@johngalt.ennovatenetworks.com>
next in thread | raw e-mail | index | archive | help
>Number: 6177 >Category: misc >Synopsis: IP reassembly fails when some options present >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Mar 30 13:30:01 PST 1998 >Last-Modified: >Originator: Eric Sprinkle >Organization: Ennovate Networks, Inc >Release: FreeBSD 2.2.5-RELEASE i386 >Environment: Two machines on the same IP subnet. Intel Etherexpress 100 NICs >Description: An oversized ping with record-route option fails the checksum test in ip_input and gets discarded. The function ip_input in ip_input.c determines the IP header length for each packet or fragment and save the length in the variable 'hlen'. Later on ip_input decides its a fragment and reassembles it and calls icmp_input with the header length. Unfortunately, hlen is the length of the last fragments IP header, which may be different than the header length of the first fragment. The 'record-route' option is an example of an option that is only present in the first fragment of a datagram. >How-To-Repeat: ping -s 3000 -R remote-node >Fix: In the code scrap below, from ip_input, the comment and the one line after the comment (hlen = ...) fix the problem. if (((struct ipasfrag *)ip)->ipf_mff & 1 || ip->ip_off) { ipstat.ips_fragments++; ip = ip_reass((struct ipasfrag *)ip, fp, &ipq[sum]); if (ip == 0) return; /* * Get the reassembled packet's header length */ hlen = IP_VHL_HL(ip->ip_vhl) << 2; ipstat.ips_reassembled++; m = dtom(ip); >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199803302128.QAA00502>