IP fragmentation bugs in 4.2bsd or Sun UNIX
Yoichi Shinoda
shinoda at takuya.uucp
Sat May 10 19:07:22 AEST 1986
I'm not sure if this helps, but....
When fragmented IP packets are routed with further fragmentation,
they are sent wrong with ip_off field of the first outgoing packet
corresponding to each orginal fragmented text reset to 0, causing
reassembly of the original packet to be impossible.
original fragmented further fragmented
udp packet. ip packet. ip packet.
--------- --------- ---------
| | |off=0 | |off=0 |
| | | | | |
| | | | ---------
| | | | ---------
| | | | |off=50 |
| | | | | |
| | --------- ---------
| | --------- ---------
| | |off=100| |off=0 | (should be
| | | | | | 100)
| | | | ---------
| | | | ---------
| | | | |off=50 | (should be
| | | | | | 150)
--------- --------- ---------
MTU~=~100 MTU~=~50
Note that the bug shows up only if interfaces of different MTU
are employed in the transmission.
-----------------------------------------------------------------------
*** ip_output.c Sat May 10 16:44:16 1986
--- ip_output.c.old Mon Oct 29 02:11:17 1984
***************
*** 155,161
mh->m_len = sizeof (struct ip) + olen;
} else
mh->m_len = sizeof (struct ip);
! mhip->ip_off = (off >> 3) + (ip->ip_off & ~(IP_MF|IP_DF)) ;
if (off + len >= ip->ip_len-hlen)
len = mhip->ip_len = ip->ip_len - hlen - off;
else {
--- 155,161 -----
mh->m_len = sizeof (struct ip) + olen;
} else
mh->m_len = sizeof (struct ip);
! mhip->ip_off = off >> 3;
if (off + len >= ip->ip_len-hlen)
len = mhip->ip_len = ip->ip_len - hlen - off;
else {
-----------------------------------------------------------------------
Yoichi Shinoda
Tokyo Inst. of Tech.
Dept. of CS
UUCP: ...{ihnp4!seismo!mcvax}!kddlab!koudai!shinoda
JUNET: shinoda at cs.titech.junet
More information about the Comp.unix.wizards
mailing list