kern/133736: ip_id not protected ...
Ernest Hua
ehua at maxiscale.com
Tue Apr 14 14:10:03 PDT 2009
>Number: 133736
>Category: kern
>Synopsis: ip_id not protected ...
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 14 21:10:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Ernest Hua
>Release: 7.0-RELEASE
>Organization:
MaxiScale, Inc.
>Environment:
FreeBSD r01s18 7.0-RELEASE FreeBSD 7.0-RELEASE #0: ... amd64
This is our own compiled kernel that is based on 7.0-RELEASE with the dump/snapshot patch applied.
>Description:
We have evidence of IP fragments from different UDP transactions being stamped with the same 16-bit id.
>How-To-Repeat:
Using a multi-threaded application, transmit lots of large (much greater than MTU) UDP packets of the same size with known but distinctive content to a single destination port using a multi-core system as the transmitter.
There will be occasional data corruption found at the destination where data from one transaction is found in the payload of another transaction.
>Fix:
ip_id needs some atomic protection.
The same can probably be said of the random id generator.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list