Re: NPF: broken checksums

To: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Subject: Re: NPF: broken checksums
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Sun, 8 Apr 2018 08:32:57 +0200

Le 07/04/2018 à 19:53, Mindaugas Rasiukevicius a écrit :

Maxime Villard <max%m00nbsd.net@localhost> wrote:

It looks like there is a 16byte alignment problem somewhere in NPF. RFC793
says that "An option may begin on any octet boundary", so NPF should
handle that.


That is odd.  Does not sound like an alignment problem per se, though.


You probably understood it, but in case you didn't, I meant to say 16bit,
and not 16byte.

The problem is in npf_fixup16_cksum. It computes the new checksum assuming
"odatum" and "ndatum" are on a 16bit bounday, which they aren't.

That's intentional, since RFC1071 says that "Adjacent octets to be checksummed
are paired to form 16bit integers".

Therefore, to fix the issue we would need to call npf_fixup16_cksum twice,
once with [previous_8bit|mss_8bit], and once with [mss_8bit|next_8bit]. Or to
write a npf_fixup8_cksum and call it twice too.

Maxime

References:
- Re: NPF: broken checksums
  - From: Maxime Villard
- NPF: broken checksums
  - From: Maxime Villard
- Re: NPF: broken checksums
  - From: Robert Elz
- Re: NPF: broken checksums
  - From: Maxime Villard
- Re: NPF: broken checksums
  - From: Michael van Elst
- Re: NPF: broken checksums
  - From: Maxime Villard
- Re: NPF: broken checksums
  - From: Maxime Villard
- Re: NPF: broken checksums
  - From: Mindaugas Rasiukevicius

Prev by Date: Re: Configuring a Bonjour host name
Next by Date: npf: nbuf_ensure_contig and large options
Previous by Thread: Re: NPF: broken checksums
Next by Thread: Re: NPF: broken checksums
Indexes:

Home | Main Index | Thread Index | Old Index