Re: Linux 2.6.19

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Phil Oester <[email protected]>
Date: Wed, 29 Nov 2006 17:49:04 -0800

> Getting an oops on boot here, caused by commit
> e81c73596704793e73e6dbb478f41686f15a4b34 titled
> "[NET]: Fix MAX_HEADER setting".
> 
> Reverting that patch fixes things up for me.  Dave?

I suspect that it might be because I removed the IPV6
ifdef from the list,  but I can't imagine why that would
matter other than due to a bug in the IPV6 stack....

Indeed.

Looking at ndisc_send_rs() I wonder if it miscalculates
'len' or similar and the old MAX_HEADER setting was
merely papering around this bug....

In fact it does, the NDISC code is using MAX_HEADER incorrectly.  It
needs to explicitly allocate space for the struct ipv6hdr in 'len'.
Luckily the TCP ipv6 code was doing it right.

What a horrible bug, this patch should fix it.  Let me know
if it doesn't, thanks:

commit c28728decc37fe52c8cdf48b3e0c0cf9b0c2fefb
Author: David S. Miller <[email protected]>
Date:   Wed Nov 29 18:14:47 2006 -0800

    [IPV6] NDISC: Calculate packet length correctly for allocation.
    
    MAX_HEADER does not include the ipv6 header length in it,
    so we need to add it in explicitly.
    
    Signed-off-by: David S. Miller <[email protected]>

diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 73eb8c3..c42d4c2 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -441,7 +441,8 @@ static void ndisc_send_na(struct net_dev
         struct sk_buff *skb;
 	int err;
 
-	len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
+	len = sizeof(struct ipv6hdr) + sizeof(struct icmp6hdr) +
+		sizeof(struct in6_addr);
 
 	/* for anycast or proxy, solicited_addr != src_addr */
 	ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
@@ -556,7 +557,8 @@ void ndisc_send_ns(struct net_device *de
 	if (err < 0)
 		return;
 
-	len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
+	len = sizeof(struct ipv6hdr) + sizeof(struct icmp6hdr) +
+		sizeof(struct in6_addr);
 	send_llinfo = dev->addr_len && !ipv6_addr_any(saddr);
 	if (send_llinfo)
 		len += ndisc_opt_addr_space(dev);
@@ -632,7 +634,7 @@ void ndisc_send_rs(struct net_device *de
 	if (err < 0)
 		return;
 
-	len = sizeof(struct icmp6hdr);
+	len = sizeof(struct ipv6hdr) + sizeof(struct icmp6hdr);
 	if (dev->addr_len)
 		len += ndisc_opt_addr_space(dev);
 
@@ -1381,7 +1383,8 @@ void ndisc_send_redirect(struct sk_buff 
 			 struct in6_addr *target)
 {
 	struct sock *sk = ndisc_socket->sk;
-	int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
+	int len = sizeof(struct ipv6hdr) + sizeof(struct icmp6hdr) +
+		2 * sizeof(struct in6_addr);
 	struct sk_buff *buff;
 	struct icmp6hdr *icmph;
 	struct in6_addr saddr_buf;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux