[lwip-devel] [bug #35616] Corruption of ICMP with IP fragmentation and a
From: Lars Jeppesen
Subject: [lwip-devel] [bug #35616] Corruption of ICMP with IP fragmentation and alignment > 2
Date: Fri, 24 Feb 2012 08:51:09 +0000
URL:
<http://savannah.nongnu.org/bugs/?35616>
Summary: Corruption of ICMP with IP fragmentation and
alignment > 2
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: larsjep
Submitted on: Fri Feb 24 08:51:08 2012
Category: IPv4
Severity: 3 - Normal
Item Group: Faulty Behaviour
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release:
lwIP version: 1.4.0
_______________________________________________________
Details:
Corruption of ICMP with IP fragmentation and alignment > 2
Hi,
I have discovered a problem in the IP fragmentation.
The problem occurs when I ping my target with an ICMP package that requires
IP fragmentation.
What happens is that the ICMP reply from my target is corrupted, or more
precisely, the first 2 bytes are missing.
This is what happens in the code:
(NOTE: My target requires 4 bytes alignment, MEM_ALIGNMENT=4)
1. The Ethernet package is placed in a pbuf and the payload is aligned.
2. The Ethernet header (14 bytes) is removed and the payload is now unaligned.
3. The IP header is removed and the payload is still unaligned.
4. The ICMP sends back the incoming data by using the same pbuf (which has an unaligned payload).
5. In ip_frag.c a new pbuf is created with pbuf_alloced_custom, but in pbuf.c, line 379, the new payload pointer is aligned, and therefore the new payload pointer points incorrectly.
6. The returned ICMP reply is incorrect.
NOTE: It seems that this problem is related to bug #34534. But the difference
is that my bug occurs when alignment is > 2.
Best regards
Lars Jeppesen
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?35616>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
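
The pointer arithmetic behind steps 1-5 of the report, as an added example that is not part of the original message and is not lwIP code. It goes beyond the reported MEM_ALIGNMENT=4 case to other alignments, and assumes a 20-byte IP header and a frame that starts on an aligned address with no padding; `wrap_payload_aligning`, `bytes_skipped` and `check_wrappable` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN 14u /* Ethernet header, as in step 2 of the report */
#define IP_HLEN  20u /* assumption: IPv4 header without options */

/* Constructed receive buffer, aligned like a pool buffer (step 1). */
static _Alignas(16) uint8_t frame[128];

/* Round a pointer up to a power-of-two boundary. */
static uint8_t *align_up(uint8_t *p, uintptr_t align)
{
    return (uint8_t *)(((uintptr_t)p + align - 1u) & ~(align - 1u));
}

/* Hypothetical stand-in for an allocator that aligns the payload pointer
 * the caller hands in (step 5). Returns the pointer the new buffer uses. */
static uint8_t *wrap_payload_aligning(uint8_t *payload_mem, uintptr_t align)
{
    return align_up(payload_mem, align);
}

/* Start of the ICMP data once both headers are removed in place (steps 2-3). */
static uint8_t *icmp_data(void) { return frame + ETH_HLEN + IP_HLEN; }

/* Number of leading ICMP bytes the reply loses for a given alignment. */
size_t bytes_skipped(uintptr_t mem_alignment)
{
    uint8_t *icmp = icmp_data();
    return (size_t)(wrap_payload_aligning(icmp, mem_alignment) - icmp);
}

/* Caller-side check: 0 if the pointer survives alignment unchanged,
 * -1 if an aligning allocator would move it. */
int check_wrappable(const uint8_t *payload_mem, uintptr_t mem_alignment)
{
    return ((uintptr_t)payload_mem & (mem_alignment - 1u)) == 0 ? 0 : -1;
}

int main(void)
{
    uintptr_t aligns[] = {1, 2, 4, 8};
    for (size_t i = 0; i < sizeof aligns / sizeof aligns[0]; i++)
        printf("MEM_ALIGNMENT=%lu: %zu byte(s) skipped, wrappable=%d\n",
               (unsigned long)aligns[i], bytes_skipped(aligns[i]),
               check_wrappable(icmp_data(), aligns[i]));
    return 0;
}
```

The payload sits 34 bytes into the frame, which is a multiple of 2 but not of 4, so the shift only appears once the alignment exceeds 2.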