Fix wrong length in IP header in tcp_respond.

[Qemu-devel] [PATCH] Fix wrong length in IP header in tcp_respond.

Posted by Tao Wu 8 years, 9 months ago

This bug was introduced by https://github.com/qemu/qemu/commit/98c6305
And then we 'fix' it in
https://github.com/qemu/qemu/commit/27d92e
Actually I believe the root cause was that we sent out a RST packet with
wrong length and then get ignored by OS.

Signed-off-by: Tao Wu <lepton@google.com>
---
 slirp/tcp_subr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index ed16e1807f..dc8b4bbb50 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -204,7 +204,7 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct mbuf *m,
 	    m->m_len  -= sizeof(struct tcpiphdr) - sizeof(struct tcphdr)
 	                                         - sizeof(struct ip);
 	    ip = mtod(m, struct ip *);
-	    ip->ip_len = tlen;
+	    ip->ip_len = m->m_len;
 	    ip->ip_dst = tcpiph_save.ti_dst;
 	    ip->ip_src = tcpiph_save.ti_src;
 	    ip->ip_p = tcpiph_save.ti_pr;
@@ -224,7 +224,7 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct mbuf *m,
 	    m->m_len  -= sizeof(struct tcpiphdr) - sizeof(struct tcphdr)
 	                                         - sizeof(struct ip6);
 	    ip6 = mtod(m, struct ip6 *);
-	    ip6->ip_pl = tlen;
+	    ip6->ip_pl = tcpiph_save.ti_len;
 	    ip6->ip_dst = tcpiph_save.ti_dst6;
 	    ip6->ip_src = tcpiph_save.ti_src6;
 	    ip6->ip_nh = tcpiph_save.ti_nh6;
-- 
2.12.2.816.g2cccc81164-goog

Re: [Qemu-devel] [PATCH] Fix wrong length in IP header in tcp_respond.

Posted by no-reply@patchew.org 8 years, 9 months ago

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20170420202745.149601-1-lepton@google.com
Subject: [Qemu-devel] [PATCH] Fix wrong length in IP header in tcp_respond.

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]      patchew/20170414083717.13641-1-lvivier@redhat.com -> patchew/20170414083717.13641-1-lvivier@redhat.com
Switched to a new branch 'test'
b3105be Fix wrong length in IP header in tcp_respond.

=== OUTPUT BEGIN ===
Checking PATCH 1/1: Fix wrong length in IP header in tcp_respond....
ERROR: code indent should never use tabs
#24: FILE: slirp/tcp_subr.c:207:
+^I    ip->ip_len = m->m_len;$

ERROR: code indent should never use tabs
#33: FILE: slirp/tcp_subr.c:227:
+^I    ip6->ip_pl = tcpiph_save.ti_len;$

total: 2 errors, 0 warnings, 16 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org