From: david guéluy
To: freebsd-net@freebsd.org
Date: Mon, 23 Feb 2009 11:52:47 +0100
Subject: bad usage of the shutdown system call produce a packet with null ip addresses
List-Id: Networking and TCP/IP with FreeBSD

Hi,

By using a PFIL_HOOK on FreeBSD 7.1-prerelease, I notice that I receive some packets from 0.0.0.0 to 0.0.0.0.
A buggy program in userland produces these packets when the shutdown system call is used on a socket which is not connected.

Even if it's a bad usage of a system call, this case can produce strange behaviours, I think it's necessary to add some checks in tcp_usr_shutdown.

Here is a short sample to reproduce that case:

test.c

#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

int main(void)
{
	int fd;

	/* Create a TCP socket but never connect it. */
	fd = socket(AF_INET, SOCK_STREAM, 0);
	if (fd == -1)
		return 1;
	/* shutdown() on the unconnected socket is the misuse that emits the packet. */
	shutdown(fd, SHUT_RDWR);
	close(fd);
	return 0;
}

Add some debug in the kernel

[usr/src/sys/netinet]# diff -C4 ip_output.c.origin ip_output.c
*** ip_output.c.origin Mon Feb 23 10:27:52 2009 --- ip_output.c Fri Feb 20 15:23:39 2009 *************** *** 135,142 **** --- 135,151 ---- hlen =3D len; } ip =3D mtod(m, struct ip *); + #define PRINTIP(a) printf("%u.%u.%u.%u", =20 (unsigned)ntohl(a)>>24&0xFF, (unsigned)ntohl(a)>>16&0xFF, =20 (unsigned)ntohl(a)>>8&0xFF, (unsigned)ntohl(a)&0xFF) + + if (m->m_pkthdr.rcvif !=3D NULL) + printf(" if %s ", m->m_pkthdr.rcvif->if_xname); + printf(" proto %d src ", (int)ip->ip_p); PRINTIP(ip-=20 >ip_src.s_addr); + printf(" dst "); PRINTIP(ip->ip_dst.s_addr); + printf(" ttl %u\n", (unsigned)ip->ip_ttl); + +

./test
proto 6 src 0.0.0.0 dst 0.0.0.0 ttl 64

Best regards,

Guéluy David
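
Review bot: the printf lines added after "ip = mtod(m, struct ip *);" run unconditionally, so every packet passing this point in ip_output.c is logged and the 0.0.0.0 packet has to be picked out of the noise. Wrapping the added lines in a test such as ip->ip_src.s_addr == INADDR_ANY && ip->ip_dst.s_addr == INADDR_ANY would log only the case under investigation. PRINTIP(a) also expands its argument four times without parentheses and is defined inside the function body with no matching #undef; converting ntohl(a) once into a local and parenthesizing (a) would make the macro safe to reuse.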
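
A check that a packet filter could apply to the packets described in this message, as an added example that is not part of the original post and is not FreeBSD code. The function and enum names are hypothetical, and the sample header is constructed from the debug output above (proto 6, ttl 64, both addresses 0.0.0.0).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdicts for the address check (hypothetical names for this example). */
enum null_addr_verdict {
	ADDR_OK = 0,     /* header parsed, both addresses set */
	ADDR_MALFORMED,  /* too short, not IPv4, or bad header length */
	ADDR_NULL_SRC,   /* src 0.0.0.0 only: legal during host initialization (RFC 1122) */
	ADDR_NULL_DST,   /* dst 0.0.0.0: never valid as a destination */
	ADDR_NULL_BOTH   /* src and dst both 0.0.0.0, the case reported in the mail */
};

/* Read a 32-bit big-endian field without assuming buffer alignment. */
static uint32_t be32(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	    ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Classify a raw IPv4 header by its source and destination addresses. */
enum null_addr_verdict check_null_addrs(const unsigned char *pkt, size_t len)
{
	size_t hlen;

	if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
		return ADDR_MALFORMED;
	hlen = (size_t)(pkt[0] & 0x0F) * 4;  /* IHL counts 32-bit words */
	if (hlen < 20 || hlen > len)
		return ADDR_MALFORMED;
	if (be32(pkt + 12) == 0 && be32(pkt + 16) == 0)
		return ADDR_NULL_BOTH;
	if (be32(pkt + 16) == 0)
		return ADDR_NULL_DST;
	if (be32(pkt + 12) == 0)
		return ADDR_NULL_SRC;
	return ADDR_OK;
}

/* Constructed sample: 20-byte header with ttl 64, proto 6, null addresses. */
static const unsigned char sample_null_pkt[20] = {
	0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00,
	0x40, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00
};

int main(void)
{
	printf("verdict=%d\n", check_null_addrs(sample_null_pkt, sizeof(sample_null_pkt)));
	return 0;
}
```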