From owner-svn-src-all@FreeBSD.ORG Thu Oct 2 10:32:25 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9CD1F841; Thu, 2 Oct 2014 10:32:25 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7DC99BD5; Thu, 2 Oct 2014 10:32:25 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s92AWPg6097132; Thu, 2 Oct 2014 10:32:25 GMT (envelope-from tuexen@FreeBSD.org) Received: (from tuexen@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s92AWOGn097128; Thu, 2 Oct 2014 10:32:24 GMT (envelope-from tuexen@FreeBSD.org) Message-Id: <201410021032.s92AWOGn097128@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: tuexen set sender to tuexen@FreeBSD.org using -f From: Michael Tuexen Date: Thu, 2 Oct 2014 10:32:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r272404 - head/sys/netinet6 X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 10:32:25 -0000 Author: tuexen Date: Thu Oct 2 10:32:24 2014 New Revision: 272404 URL: https://svnweb.freebsd.org/changeset/base/272404 Log: Fix the checksum computation for UDPLite/IPv6. This requires the usage of a function computing the checksum only over a part of the function. Therefore introduce in6_cksum_partial() and implement in6_cksum() based on that. While there, ensure that the UDPLite packet contains at least enough bytes to contain the header. Reviewed by: kevlo MFC after: 3 days Modified: head/sys/netinet6/in6.h head/sys/netinet6/in6_cksum.c head/sys/netinet6/udp6_usrreq.c Modified: head/sys/netinet6/in6.h ============================================================================== --- head/sys/netinet6/in6.h Thu Oct 2 10:31:32 2014 (r272403) +++ head/sys/netinet6/in6.h Thu Oct 2 10:32:24 2014 (r272404) @@ -647,6 +647,8 @@ struct ip6_hdr; int in6_cksum_pseudo(struct ip6_hdr *, uint32_t, uint8_t, uint16_t); int in6_cksum(struct mbuf *, u_int8_t, u_int32_t, u_int32_t); +int in6_cksum_partial(struct mbuf *, u_int8_t, u_int32_t, u_int32_t, + u_int32_t); int in6_localaddr(struct in6_addr *); int in6_localip(struct in6_addr *); int in6_addrscope(const struct in6_addr *); Modified: head/sys/netinet6/in6_cksum.c ============================================================================== --- head/sys/netinet6/in6_cksum.c Thu Oct 2 10:31:32 2014 (r272403) +++ head/sys/netinet6/in6_cksum.c Thu Oct 2 10:32:24 2014 (r272404) @@ -145,9 +145,11 @@ in6_cksum_pseudo(struct ip6_hdr *ip6, ui * off is an offset where TCP/UDP/ICMP6 header starts. * len is a total length of a transport segment. * (e.g. TCP header + TCP payload) + * cov is the number of bytes to be taken into account for the checksum */ int -in6_cksum(struct mbuf *m, u_int8_t nxt, u_int32_t off, u_int32_t len) +in6_cksum_partial(struct mbuf *m, u_int8_t nxt, u_int32_t off, + u_int32_t len, u_int32_t cov) { struct ip6_hdr *ip6; u_int16_t *w, scope; @@ -215,9 +217,9 @@ in6_cksum(struct mbuf *m, u_int8_t nxt, } w = (u_int16_t *)(mtod(m, u_char *) + off); mlen = m->m_len - off; - if (len < mlen) - mlen = len; - len -= mlen; + if (cov < mlen) + mlen = cov; + cov -= mlen; /* * Force to even boundary. */ @@ -273,7 +275,7 @@ in6_cksum(struct mbuf *m, u_int8_t nxt, * Lastly calculate a summary of the rest of mbufs. */ - for (;m && len; m = m->m_next) { + for (;m && cov; m = m->m_next) { if (m->m_len == 0) continue; w = mtod(m, u_int16_t *); @@ -290,12 +292,12 @@ in6_cksum(struct mbuf *m, u_int8_t nxt, sum += s_util.s; w = (u_int16_t *)((char *)w + 1); mlen = m->m_len - 1; - len--; + cov--; } else mlen = m->m_len; - if (len < mlen) - mlen = len; - len -= mlen; + if (cov < mlen) + mlen = cov; + cov -= mlen; /* * Force to even boundary. */ @@ -343,7 +345,7 @@ in6_cksum(struct mbuf *m, u_int8_t nxt, } else if (mlen == -1) s_util.c[0] = *(char *)w; } - if (len) + if (cov) panic("in6_cksum: out of data"); if (mlen == -1) { /* The last mbuf has odd # of bytes. Follow the @@ -355,3 +357,9 @@ in6_cksum(struct mbuf *m, u_int8_t nxt, REDUCE; return (~sum & 0xffff); } + +int +in6_cksum(struct mbuf *m, u_int8_t nxt, u_int32_t off, u_int32_t len) +{ + return (in6_cksum_partial(m, nxt, off, len, len)); +} Modified: head/sys/netinet6/udp6_usrreq.c ============================================================================== --- head/sys/netinet6/udp6_usrreq.c Thu Oct 2 10:31:32 2014 (r272403) +++ head/sys/netinet6/udp6_usrreq.c Thu Oct 2 10:32:24 2014 (r272404) @@ -227,11 +227,16 @@ udp6_input(struct mbuf **mp, int *offp, nxt = ip6->ip6_nxt; cscov_partial = (nxt == IPPROTO_UDPLITE) ? 1 : 0; - if (nxt == IPPROTO_UDPLITE && (ulen == 0 || ulen == plen)) { + if (nxt == IPPROTO_UDPLITE) { /* Zero means checksum over the complete packet. */ if (ulen == 0) ulen = plen; - cscov_partial = 0; + if (ulen == plen) + cscov_partial = 0; + if ((ulen < sizeof(struct udphdr)) || (ulen > plen)) { + /* XXX: What is the right UDPLite MIB counter? */ + goto badunlocked; + } } if (nxt == IPPROTO_UDP && plen != ulen) { UDPSTAT_INC(udps_badlen); @@ -257,7 +262,7 @@ udp6_input(struct mbuf **mp, int *offp, m->m_pkthdr.csum_data); uh_sum ^= 0xffff; } else - uh_sum = in6_cksum(m, nxt, off, ulen); + uh_sum = in6_cksum_partial(m, nxt, off, plen, ulen); if (uh_sum != 0) { UDPSTAT_INC(udps_badsum); @@ -844,8 +849,8 @@ udp6_output(struct inpcb *inp, struct mb ip6->ip6_dst = *faddr; if (cscov_partial) { - if ((udp6->uh_sum = in6_cksum(m, 0, - sizeof(struct ip6_hdr), cscov)) == 0) + if ((udp6->uh_sum = in6_cksum_partial(m, nxt, + sizeof(struct ip6_hdr), plen, cscov)) == 0) udp6->uh_sum = 0xffff; } else { udp6->uh_sum = in6_cksum_pseudo(ip6, plen, nxt, 0);