Date: Tue, 14 Apr 2009 21:00:45 GMT From: Ernest Hua <ehua@maxiscale.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/133736: ip_id not protected ... Message-ID: <200904142100.n3EL0jCr077308@www.freebsd.org> Resent-Message-ID: <200904142110.n3ELA2D0081351@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 133736 >Category: kern >Synopsis: ip_id not protected ... >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Apr 14 21:10:02 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Ernest Hua >Release: 7.0-RELEASE >Organization: MaxiScale, Inc. >Environment: FreeBSD r01s18 7.0-RELEASE FreeBSD 7.0-RELEASE #0: ... amd64 This is our own compiled kernel that is based on 7.0-RELEASE with the dump/snapshot patch applied. >Description: We have evidence of IP fragments from different UDP transactions being stamped with the same 16-bit id. >How-To-Repeat: Using a multi-threaded application, transmit lots of large (much greater than MTU) UDP packets of the same size with known but distinctive content to a single destination port using a multi-core system as the transmitter. There will be occasional data corruption found at the destination where data from one transaction is found in the payload of another transaction. >Fix: ip_id needs some atomic protection. The same can probably be said of the random id generator. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904142100.n3EL0jCr077308>