Subject: kern/3577: UDP-packet length calculation wrong
To: None <gnats-bugs@gnats.netbsd.org>
From: Heiko W.Rupp <hwr@pilhuhn.de>
List: netbsd-bugs
Date: 05/05/1997 17:44:24
>Number: 3577
>Category: kern
>Synopsis: UDP-packet length calculation wrong
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon May 5 08:50:03 1997
>Last-Modified:
>Originator: Heiko W.Rupp
>Organization:
Heiko W.Rupp Gerwigstr.5 D-76131 Karlsruhe +49 721 9661524
>Release: 1.1
>Environment:
System: NetBSD snert.pilhuhn.de 1.1 NetBSD 1.1 (SNERT+PPP) #11: Thu Jan 30 11:00:49 MET 1997 hwr@snert.pilhuhn.de:/usr/src/sys/arch/i386/compile/SNERT+PPP i386
>Description:
Received UDP packets with more than 2^15 Bytes in size are thrown
away by the system.
From looking at the code (and also at TCP/IP Illustrated II), this
seems to be a signed/unsigned
>How-To-Repeat:
Send UDP packets with more than 2^15 in length to the host,
look at ``netstat -s | tail '' before and after sending. The
value of the ``xx with bad data length field'' line will increase
by the packet count.
>Fix:
From looking at the code it seems that this is the offending line:
netinet/udp_usrreq.c:
void
udp_input(m, iphlen)
register struct mbuf *m;
int iphlen;
{
register struct ip *ip;
register struct udphdr *uh;
register struct inpcb *inp;
struct mbuf *opts = 0;
>Audit-Trail:
>Unformatted:
>> int len;
struct ip save_ip;
(I am not sure tough).