bad usage of the shutdown system call produces a packet with null ip addresses
david guéluy
david.gueluy at netasq.com
Mon Feb 23 03:14:43 PST 2009
Hi,
By using a PFIL_HOOK on FreeBSD 7.1-prerelease, I noticed that I
receive some packets from 0.0.0.0 to 0.0.0.0.
A buggy program in userland produces these packets when the shutdown
system call is used on a socket which is not connected.
Even if it's a bad usage of a system call, this case can produce
strange behaviours; I think it's necessary to add some checks in
tcp_usr_shutdown.
Here is a short sample to reproduce that case:
test.c
#include <sys/socket.h>
#include <stdio.h>
#include <unistd.h>   /* close() */

int main(void)
{
    int fd;

    /* A TCP socket that is never connect()ed. */
    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1)
        return 1;
    /* shutdown() on the unconnected socket is what triggers the packet. */
    shutdown(fd, SHUT_RDWR);
    close(fd);
    return 0;
}
Add some debug in the kernel:
[usr/src/sys/netinet]# diff -C4 ip_output.c.origin ip_output.c
*** ip_output.c.origin Mon Feb 23 10:27:52 2009
--- ip_output.c Fri Feb 20 15:23:39 2009
***************
*** 135,142 ****
--- 135,151 ----
hlen = len;
}
ip = mtod(m, struct ip *);
+ #define PRINTIP(a) printf("%u.%u.%u.%u",
(unsigned)ntohl(a)>>24&0xFF, (unsigned)ntohl(a)>>16&0xFF,
(unsigned)ntohl(a)>>8&0xFF, (unsigned)ntohl(a)&0xFF)
+
+ if (m->m_pkthdr.rcvif != NULL)
+ printf(" if %s ", m->m_pkthdr.rcvif->if_xname);
+ printf(" proto %d src ", (int)ip->ip_p); PRINTIP(ip-
>ip_src.s_addr);
+ printf(" dst "); PRINTIP(ip->ip_dst.s_addr);
+ printf(" ttl %u\n", (unsigned)ip->ip_ttl);
+
+
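Review bot: the added printf in this hunk runs for every packet that passes through ip_output(), so on a busy host it will flood the console and the log; since this is debug instrumentation rather than the fix, gate it on the condition under investigation, e.g. `if (ip->ip_src.s_addr == INADDR_ANY || ip->ip_dst.s_addr == INADDR_ANY)`, so only the suspect packets are printed. Also, PRINTIP is defined inside the function body and never #undef'd, and it evaluates ntohl(a) four times per call; if this were to stay in the tree, a small static helper that formats the address once would be cleaner.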
./test
proto 6 src 0.0.0.0 dst 0.0.0.0 ttl 64
Best regards,
Guéluy David
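Added example, not part of the original post or of FreeBSD: a userland model of the check a pfil hook (or the output path itself) could apply, parsing a constructed IPv4 header and flagging the unspecified source or destination that the debug line above shows. The function names (check_null_addrs, ip4_ntoa, rd32) and the sample headers are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a big-endian 32-bit field (the header is in network byte order). */
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Dotted-quad formatting; unlike a printf macro, 'a' is evaluated once. */
static void ip4_ntoa(uint32_t a, char *dst, size_t dstlen)
{
    snprintf(dst, dstlen, "%u.%u.%u.%u", (unsigned)(a >> 24) & 0xffu,
             (unsigned)(a >> 16) & 0xffu, (unsigned)(a >> 8) & 0xffu, (unsigned)a & 0xffu);
}

/* Inspect the fixed IPv4 header at buf. Returns 1 if source or destination is
 * the unspecified address 0.0.0.0 (the case in the report), 0 if both look
 * normal, -1 if the buffer is not a usable IPv4 header (bounds-check first). */
static int check_null_addrs(const uint8_t *buf, size_t len)
{
    uint32_t src, dst;
    char s[16], d[16];
    if (buf == NULL || len < 20 || (buf[0] >> 4) != 4 || (buf[0] & 0x0f) < 5)
        return -1;
    src = rd32(buf + 12); dst = rd32(buf + 16);
    if (src != 0 && dst != 0)
        return 0;
    ip4_ntoa(src, s, sizeof s);
    ip4_ntoa(dst, d, sizeof d);
    printf("null-address packet: proto %u src %s dst %s ttl %u\n",
           (unsigned)buf[9], s, d, (unsigned)buf[8]);
    return 1;
}

/* Constructed samples (not captured data): the header behind the report's debug
 * line (proto 6, 0.0.0.0 -> 0.0.0.0, ttl 64) and a normal TCP header. */
static const uint8_t null_hdr[20] = { 0x45,0,0,40, 0,0,0x40,0, 64,6,0,0,
                                      0,0,0,0, 0,0,0,0 };
static const uint8_t ok_hdr[20]   = { 0x45,0,0,40, 0,0,0x40,0, 64,6,0,0,
                                      192,0,2,1, 198,51,100,2 };

int main(void)
{
    check_null_addrs(null_hdr, sizeof null_hdr);   /* flagged and printed */
    check_null_addrs(ok_hdr, sizeof ok_hdr);       /* silent */
    return 0;
}
```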