Subject: kern/13472: sl0 sends break packets
To: None <gnats-bugs@gnats.netbsd.org>
From: None <isaki@par.odn.ne.jp>
List: netbsd-bugs
Date: 07/15/2001 23:12:38
>Number:         13472
>Category:       kern
>Synopsis:       sl0 sends break packets
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jul 15 07:10:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Tetsuya Isaki
>Release:        NetBSD 1.5W
>Organization:
none
>Environment:
System: NetBSD erika.local 1.5W NetBSD 1.5W (ERIKA-CURRENT) #13: Sat Jul 14 23:17:40 JST 2001 root@erika.local:/var/obj/current/i386/sys/arch/i386/compile/ERIKA-CURRENT i386


>Description:
sl0 sends broken packets on NetBSD-current.
Receiving on sl0 is fine. Sending and receiving on sl0
are both fine on NetBSD 1.5 (or 1.5.1).

Here is the network topology.

 erika (NetBSD 1.5W) ------- kyoko (FreeBSD 4.2)
          192.168.5.2  sl0   192.168.5.1

Then run 'ping 192.168.5.1' on erika (NetBSD 1.5W) and
'tcpdump -nxpi sl0' on kyoko (FreeBSD 4.2).

kyoko:~# tcpdump -nxpi sl0
tcpdump: listening on sl0
22:08:42.381470 truncated-ip - 59 bytes missing!192.69.0.0 > 84.0.29.0: icmp: echo reply
                         4500 0054 001d 0000 ff01 3038 c045 0000
                         5400 1d00 00ff 0130 38
22:08:43.395819 truncated-ip - 59 bytes missing!192.69.0.0 > 84.0.31.0: icmp: echo reply
                         4500 0054 001f 0000 ff01 3036 c045 0000
                         5400 1f00 00ff 0130 36

>How-To-Repeat:
Configure a SLIP network between NetBSD-current (1.5W) and another host.
Then send a packet from NetBSD-current to sl0.

The trigger of this bug is 0xc0 in the packet being sent.
So you should ifconfig sl0 inet 192.168.x.x ...
                                ^^^

>Fix:
It is caused by failing to update the bp pointer when the cp pointer
encounters 0xc0 (FRAME_END).

Apply this patch.

Index: if_sl.c
===================================================================
RCS file: /cvs/cvsroot/syssrc/sys/net/if_sl.c,v
retrieving revision 1.76
diff -u -r1.76 if_sl.c
--- if_sl.c	2001/06/14 05:44:24	1.76
+++ if_sl.c	2001/07/15 14:04:03
@@ -853,6 +853,7 @@
 					}
 					sc->sc_if.if_obytes += 2;
 				}
+				bp = cp;
 			}
 			MFREE(m, m2);
 			m = m2;
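Review bot: the added `bp = cp;` has no comment, and it sits one level outside the block that ends with `sc->sc_if.if_obytes += 2;`, so it runs on every pass rather than only after an escape pair has been queued. Please add a short comment saying that bp marks the start of the next run of bytes still to be sent, and confirm the unconditional reset is intended; if it is, resetting bp where the scan for the next special byte begins would make the invariant easier to see. A regression check that sends a payload containing 0xc0 and compares what the peer receives would also help keep this from coming back.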
>Release-Note:
>Audit-Trail:
>Unformatted:
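
Added example (not part of the original report and not the NetBSD if_sl.c code): a simplified user-space model of the run-then-escape sender loop described under >Fix:, using an IP header rebuilt from the dump and topology above as constructed input. The names slip_encode, slip_decode_first, update_bp, cap and sample_hdr are assumptions made for this illustration.

```c
#include <stdint.h>
#include <string.h>

#define FRAME_END          0xc0
#define FRAME_ESCAPE       0xdb
#define TRANS_FRAME_END    0xdc
#define TRANS_FRAME_ESCAPE 0xdd

/* Constructed sample: IP header rebuilt from the report's dump and topology
 * (192.168.5.2 -> 192.168.5.1); 0xc0 first appears at offset 12. */
const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x54, 0x00, 0x1d, 0x00, 0x00, 0xff, 0x01,
    0x30, 0x38, 0xc0, 0xa8, 0x05, 0x02, 0xc0, 0xa8, 0x05, 0x01 };

/* Simplified model of the sender loop; returns wire length, 0 if out is too
 * small. update_bp=0 (hypothetical switch) leaves bp stale after an escape. */
size_t slip_encode(const uint8_t *in, size_t n, uint8_t *out, size_t cap, int update_bp)
{
    const uint8_t *bp = in, *cp = in, *ep = in + n;
    size_t o = 0;
    while (cp < ep) {
        while (cp < ep && *cp != FRAME_END && *cp != FRAME_ESCAPE)
            cp++;                          /* scan a run of ordinary bytes */
        size_t run = (size_t)(cp - bp);
        if (o + run + 3 > cap) return 0;   /* room for run + escape + END */
        memcpy(out + o, bp, run);          /* flush [bp, cp) unmodified */
        o += run;
        if (cp < ep) {                     /* *cp is special: 2-byte escape */
            out[o++] = FRAME_ESCAPE;
            out[o++] = (*cp++ == FRAME_ESCAPE) ? TRANS_FRAME_ESCAPE : TRANS_FRAME_END;
        }
        if (update_bp) bp = cp;            /* the step the patch adds */
    }
    out[o++] = FRAME_END;                  /* frame terminator */
    return o;
}

/* Receiver: decode up to the first FRAME_END (assumes well-formed escapes). */
size_t slip_decode_first(const uint8_t *w, size_t n, uint8_t *out)
{
    size_t o = 0;
    for (size_t i = 0; i < n && w[i] != FRAME_END; i++) {
        uint8_t c = w[i];
        if (c == FRAME_ESCAPE && i + 1 < n)
            c = (w[++i] == TRANS_FRAME_ESCAPE) ? FRAME_ESCAPE : FRAME_END;
        out[o++] = c;
    }
    return o;
}
```

With update_bp=0 the stale bp makes the next flush resend the packet from its first byte, including a raw 0xc0, so the receiver's first frame is the 25 bytes shown in the tcpdump output (0x54 - 25 = 59 bytes missing).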