[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20061129.181537.38322733.davem@davemloft.net>
Date: Wed, 29 Nov 2006 18:15:37 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: kernel@...uxace.com
Cc: linux-kernel@...r.kernel.org, linux-netdev@...r.kernel.org
Subject: Re: Linux 2.6.19
From: Phil Oester <kernel@...uxace.com>
Date: Wed, 29 Nov 2006 17:49:04 -0800
> Getting an oops on boot here, caused by commit
> e81c73596704793e73e6dbb478f41686f15a4b34 titled
> "[NET]: Fix MAX_HEADER setting".
>
> Reverting that patch fixes things up for me. Dave?
I suspect that it might be because I removed the IPV6
ifdef from the list, but I can't imagine why that would
matter other than due to a bug in the IPV6 stack....
Indeed.
Looking at ndisc_send_rs() I wonder if it miscalculates
'len' or similar and the old MAX_HEADER setting was
merely papering around this bug....
In fact it does, the NDISC code is using MAX_HEADER incorrectly. It
needs to explicitly allocate space for the struct ipv6hdr in 'len'.
Luckily the TCP ipv6 code was doing it right.
What a horrible bug, this patch should fix it. Let me know
if it doesn't, thanks:
commit c28728decc37fe52c8cdf48b3e0c0cf9b0c2fefb
Author: David S. Miller <davem@...set.davemloft.net>
Date: Wed Nov 29 18:14:47 2006 -0800
[IPV6] NDISC: Calculate packet length correctly for allocation.
MAX_HEADER does not include the ipv6 header length in it,
so we need to add it in explicitly.
Signed-off-by: David S. Miller <davem@...emloft.net>
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 73eb8c3..c42d4c2 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -441,7 +441,8 @@ static void ndisc_send_na(struct net_dev
struct sk_buff *skb;
int err;
- len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
+ len = sizeof(struct ipv6hdr) + sizeof(struct icmp6hdr) +
+ sizeof(struct in6_addr);
/* for anycast or proxy, solicited_addr != src_addr */
ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
@@ -556,7 +557,8 @@ void ndisc_send_ns(struct net_device *de
if (err < 0)
return;
- len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
+ len = sizeof(struct ipv6hdr) + sizeof(struct icmp6hdr) +
+ sizeof(struct in6_addr);
send_llinfo = dev->addr_len && !ipv6_addr_any(saddr);
if (send_llinfo)
len += ndisc_opt_addr_space(dev);
@@ -632,7 +634,7 @@ void ndisc_send_rs(struct net_device *de
if (err < 0)
return;
- len = sizeof(struct icmp6hdr);
+ len = sizeof(struct ipv6hdr) + sizeof(struct icmp6hdr);
if (dev->addr_len)
len += ndisc_opt_addr_space(dev);
@@ -1381,7 +1383,8 @@ void ndisc_send_redirect(struct sk_buff
struct in6_addr *target)
{
struct sock *sk = ndisc_socket->sk;
- int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
+ int len = sizeof(struct ipv6hdr) + sizeof(struct icmp6hdr) +
+ 2 * sizeof(struct in6_addr);
struct sk_buff *buff;
struct icmp6hdr *icmph;
struct in6_addr saddr_buf;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists