Date: Wed, 26 Jan 2000 16:40:02 -0800 (PST) From: Archie Cobbs <archie@whistle.com> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/15175: tcp_input() fails to update m->m_pkthdr.len Message-ID: <200001270040.QAA74323@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/15175; it has been noted by GNATS. From: Archie Cobbs <archie@whistle.com> To: freebsd-gnats-submit@freebsd.org Cc: Subject: Re: kern/15175: tcp_input() fails to update m->m_pkthdr.len Date: Wed, 26 Jan 2000 16:32:47 -0800 (PST) This bug is fixed in 4.0-current thanks to the IPv6 integration. However, it remains in 3.4-stable.. below is a patch that fixes it with some KASSERT's to insure that the M_PKTHDR assumptions are correct. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com Index: sys/netinet/ip_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_input.c,v retrieving revision 1.111.2.5 diff -u -r1.111.2.5 ip_input.c --- ip_input.c 2000/01/18 16:03:55 1.111.2.5 +++ ip_input.c 2000/01/26 23:57:18 @@ -909,9 +909,14 @@ (void) m_free(dtom(fp)); m->m_len += (IP_VHL_HL(ip->ip_vhl) << 2); m->m_data -= (IP_VHL_HL(ip->ip_vhl) << 2); - /* some debugging cruft by sklower, below, will go away soon */ - if (m->m_flags & M_PKTHDR) { /* XXX this should be done elsewhere */ + + /* + * Recompute total packet length + */ + KASSERT(m->m_flags & M_PKTHDR, ("%s: not pkthdr", __FUNCTION__)); + { register int plen = 0; + for (t = m; m; m = m->m_next) plen += m->m_len; t->m_pkthdr.len = plen; Index: sys/netinet/tcp_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v retrieving revision 1.82.2.3 diff -u -r1.82.2.3 tcp_input.c --- tcp_input.c 1999/10/14 11:49:38 1.82.2.3 +++ tcp_input.c 2000/01/26 23:57:22 @@ -292,6 +292,8 @@ short ostate = 0; #endif + KASSERT(m->m_flags & M_PKTHDR, ("%s: not pkthdr", __FUNCTION__)); + bzero((char *)&to, sizeof(to)); tcpstat.tcps_rcvtotal++; @@ -371,8 +373,14 @@ /* * Drop TCP, IP headers and TCP options. */ - m->m_data += sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr); - m->m_len -= sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr); + { + const int diff = sizeof(struct tcpiphdr) + off + - sizeof(struct tcphdr); + + m->m_data += diff; + m->m_len -= diff; + m->m_pkthdr.len -= diff; + } /* * Locate pcb for segment. @@ -1954,8 +1962,11 @@ struct tcpiphdr *ti; register struct mbuf *m; { + struct mbuf *m0 = m; int cnt = ti->ti_urp - 1; + KASSERT(m->m_flags & M_PKTHDR, ("%s: not pkthdr", __FUNCTION__)); + while (cnt >= 0) { if (m->m_len > cnt) { char *cp = mtod(m, caddr_t) + cnt; @@ -1965,6 +1976,7 @@ tp->t_oobflags |= TCPOOB_HAVEDATA; bcopy(cp+1, cp, (unsigned)(m->m_len - cnt - 1)); m->m_len--; + m0->m_pkthdr.len--; return; } cnt -= m->m_len; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001270040.QAA74323>