Date: Wed, 13 Aug 2008 16:02:23 GMT From: Rui Paulo <rpaulo@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 147308 for review Message-ID: <200808131602.m7DG2NYC060243@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=147308 Change 147308 by rpaulo@rpaulo_epsilon on 2008/08/13 16:01:52 Disable packet padding. It's causing memory corruption. Cope with retransmisted SYN or SYN/ACK during connections. Affected files ... .. //depot/projects/soc2008/rpaulo-tcpad/handler.c#18 edit .. //depot/projects/soc2008/rpaulo-tcpad/timer.c#9 edit .. //depot/projects/soc2008/rpaulo-tcpad/verify.c#8 edit Differences ... ==== //depot/projects/soc2008/rpaulo-tcpad/handler.c#18 (text+ko) ==== @@ -23,7 +23,7 @@ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/soc2008/rpaulo-tcpad/handler.c#17 $ + * $P4: //depot/projects/soc2008/rpaulo-tcpad/handler.c#18 $ */ #include <stdio.h> @@ -94,6 +94,7 @@ rcp = find_conn(ip->ip_dst, ip->ip_src, ntohs(th->th_dport), ntohs(th->th_sport)); +#ifdef notyet /* * Erase the data in the TCP packet. * XXX: This breaks the checksum. @@ -102,6 +103,7 @@ */ memset((inetpkt + sizeof(struct ip) + th->th_off * 4), 'R', snaplen - (sizeof(struct ip) + th->th_off * 4) - 2); +#endif added = 0; if (cp && cp->pktshead) { ==== //depot/projects/soc2008/rpaulo-tcpad/timer.c#9 (text+ko) ==== @@ -23,7 +23,7 @@ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/soc2008/rpaulo-tcpad/timer.c#8 $ + * $P4: //depot/projects/soc2008/rpaulo-tcpad/timer.c#9 $ */ #include <assert.h> @@ -117,10 +117,10 @@ setitimer(ITIMER_REAL, &itp, NULL); LIST_FOREACH_SAFE(cp, &tcpchead, entries, cp_t) { - if (cp->pktshead) + if (cp->pktshead) { dumper_free(cp); - if (cp->rcp && cp->rcp->pktshead) cp->rcp->pktshead = NULL; + } LIST_REMOVE(cp, entries); free(cp); } ==== //depot/projects/soc2008/rpaulo-tcpad/verify.c#8 (text+ko) ==== @@ -23,7 +23,7 @@ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/soc2008/rpaulo-tcpad/verify.c#7 $ + * $P4: //depot/projects/soc2008/rpaulo-tcpad/verify.c#8 $ */ #include <stdio.h> @@ -232,6 +232,8 @@ */ if ((th->th_flags & TH_SYN) && !(th->th_flags & TH_ACK) && !(th->th_flags & TH_RST) && !(th->th_flags & TH_FIN)) { + if (tp && th->th_seq == tp->irs) + return (cp); cp = malloc(sizeof(*cp)); memset(cp, 0, sizeof(*cp)); @@ -294,11 +296,10 @@ TCPAD_VERIFY_DIRECTION_IN); break; default: - dumper_error(cp, "SYN/ACK received, state != SYN_SENT"); - dumper_free(cp); - LIST_REMOVE(cp, entries); - free(cp); - return NULL; + /* + * We got a SYN/ACK retransmission. Just ignore it. + */ + return (cp); } tp->irs = th->th_seq; tp->rcv_wnd = th->th_win;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808131602.m7DG2NYC060243>