Date:      Mon, 23 Feb 2009 23:32:56 +0000 (GMT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        david guéluy <david.gueluy@netasq.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: bad usage of the shutdown system call produce a packet with null ip addresses
Message-ID:  <alpine.BSF.2.00.0902232330520.92010@fledge.watson.org>
In-Reply-To: <F51842F3-0D80-4B2C-9D49-A81099A258F5@netasq.com>
References:  <F51842F3-0D80-4B2C-9D49-A81099A258F5@netasq.com>


On Mon, 23 Feb 2009, david guéluy wrote:

> By using a PFIL_HOOK on FreeBSD 7.1-prerelease, I notice that I receive some 
> packets from 0.0.0.0 to 0.0.0.0.
>
> A buggy program in userland produces these packets when the shutdown system
> call is used on a socket which is not connected.
>
> Even if it's a bad usage of a system call, this case can produce strange
> behaviours; I think it's necessary to add some checks in tcp_usr_shutdown.
>
> Here is a short sample to reproduce that case:

Definitely a bug -- could I ask you to file a PR on this, and forward me the 
PR receipt from GNATS?  I can take a look at this, but probably not for a week 
or so and don't want to lose track of it.  Most likely this is a result of the 
changes to add INP_DROPPED and make the inpcb persist after disconnect, in 
some way or another.

Robert N M Watson
Computer Laboratory
University of Cambridge

>
> test.c
>
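> #include <sys/socket.h>
> #include <stdio.h>
> #include <unistd.h>	/* close() */
>
> int main(void)
> {
> 	int			fd;
>
> 	/* Create a TCP socket and never connect it. */
> 	fd = socket(AF_INET, SOCK_STREAM, 0);
> 	if (fd == -1)
> 		return 1;
> 	/* shutdown() on the unconnected socket triggers the packet. */
> 	shutdown(fd, SHUT_RDWR);
> 	close(fd);
> 	return 0;
> }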
>
> Add some debug in the kernel
>
> [usr/src/sys/netinet]# diff -C4 ip_output.c.origin ip_output.c
> *** ip_output.c.origin  Mon Feb 23 10:27:52 2009
> --- ip_output.c Fri Feb 20 15:23:39 2009
> ***************
> *** 135,142 ****
> --- 135,151 ----
>                      hlen = len;
>      }
>      ip = mtod(m, struct ip *);
>
> + #define PRINTIP(a)      printf("%u.%u.%u.%u", (unsigned)ntohl(a)>>24&0xFF, 
> (unsigned)ntohl(a)>>16&0xFF, (unsigned)ntohl(a)>>8&0xFF, 
> (unsigned)ntohl(a)&0xFF)
> +
> +               if (m->m_pkthdr.rcvif != NULL)
> +                       printf(" if %s ", m->m_pkthdr.rcvif->if_xname);
> +               printf(" proto %d src ", (int)ip->ip_p); 
> PRINTIP(ip->ip_src.s_addr);
> +               printf(" dst "); PRINTIP(ip->ip_dst.s_addr);
> +               printf(" ttl %u\n", (unsigned)ip->ip_ttl);
> +
> +
>
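Review bot: the printf calls added after `ip = mtod(m, struct ip *);` run unconditionally, so every packet that reaches this point in ip_output.c writes a console line and the one packet being hunted is easy to lose on a busy host. Guard the block on the condition of interest, for example `if (ip->ip_src.s_addr == INADDR_ANY || ip->ip_dst.s_addr == INADDR_ANY)`, and keep it under a debug #ifdef so it cannot be committed by accident. PRINTIP also depends on cast and operator precedence in `(unsigned)ntohl(a)>>24&0xFF` and does not parenthesise its argument; writing each field as `((ntohl(a) >> 24) & 0xFF)`, or using a small static helper instead of a macro that expands to a bare printf statement, would be safer. The added lines are indented one level deeper than the surrounding context although no enclosing block is visible in the hunk.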
> ./test
> proto 6 src 0.0.0.0 dst 0.0.0.0 ttl 64
>
> Best regards,
> Guéluy David
>
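A check of the kind a packet filter could apply to catch the packets reported in this thread, written as a userland C function over raw IPv4 header bytes. This is an added example, not code from the thread or from FreeBSD; `check_ipv4_addrs`, `enum verdict` and the sample arrays are hypothetical names, and the headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { PKT_OK, PKT_MALFORMED, PKT_NULL_ADDR };

/* Flag IPv4 headers carrying 0.0.0.0 where it can never be valid on the wire. */
enum verdict check_ipv4_addrs(const uint8_t *pkt, size_t len)
{
	uint32_t src, dst;
	size_t hlen;

	if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
		return PKT_MALFORMED;
	hlen = (size_t)(pkt[0] & 0x0F) * 4;	/* IHL counts 32-bit words */
	if (hlen < 20 || hlen > len)
		return PKT_MALFORMED;
	memcpy(&src, pkt + 12, sizeof(src));	/* avoids unaligned loads */
	memcpy(&dst, pkt + 16, sizeof(dst));
	/* All-zero is the same in either byte order, so no ntohl() is needed. */
	if (dst == 0)
		return PKT_NULL_ADDR;		/* never a valid destination */
	if (src == 0 && pkt[9] == 6)
		return PKT_NULL_ADDR;		/* TCP cannot run from 0.0.0.0 */
	return PKT_OK;		/* e.g. DHCP: UDP from 0.0.0.0 to broadcast */
}

/* Constructed headers. The first mirrors the debug line in the report:
 * proto 6 src 0.0.0.0 dst 0.0.0.0 ttl 64. Checksums are left as zero. */
const uint8_t sample_null_tcp[20] = {
	0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
const uint8_t sample_normal_tcp[20] = {
	0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2 };
const uint8_t sample_dhcp_like[20] = {
	0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255 };
const uint8_t sample_bad_ihl[20] = {	/* IHL claims 60 bytes, only 20 present */
	0x4F, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2 };

int main(void)
{
	/* Exit status 0 means the constructed null-address packet was flagged. */
	return check_ipv4_addrs(sample_null_tcp, sizeof(sample_null_tcp))
	    == PKT_NULL_ADDR ? 0 : 1;
}
```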