UDP/IPv6 handling

Michael Tuexen Michael.Tuexen at lurchi.franken.de
Thu Oct 2 07:32:38 UTC 2014 

On 02 Oct 2014, at 05:51, Bryan Venteicher <bryanv at daemoninthecloset.org> wrote:

> 
> 
> On Wed, Oct 1, 2014 at 11:58 AM, Michael Tuexen <Michael.Tuexen at lurchi.franken.de> wrote:
> Dear all,
> 
> in udp6_input() we have the following code:
> 
>         if (nxt == IPPROTO_UDP && plen != ulen) {
>                 UDPSTAT_INC(udps_badlen);
>                 goto badunlocked;
>         }
>         /*
>          * Checksum extended UDP header and data.
>          */
>         if (uh->uh_sum == 0) {
>                 if (ulen > plen || ulen < sizeof(struct udphdr)) {
>                         UDPSTAT_INC(udps_nosum);
>                         goto badunlocked;
>                 }
>         }
> 
> I'm trying to understand the UDP code path...
> 
> 
> ​I too was recently confused by this code. ​I pointed out one issue to kevlo@ recently, but it still kind of seemed like the UDP-Lite was mismerged to IPv6.
I have a patch (to be committed soon which fixes UDPLite/IPv6).
> 
> So (ulen > plen) can't be true. I'm wondering why do we only check the ulen is not too
> short only in the case when the UDP checksum is zero. A zero checksum should also never happen.
Yepp.
> 
> 
> ​I hope to have a patch for ​RFC6935 [1] soon so a zero checksum may be allowed if the inp/udpcb is configured for it.
Great. However, we need to check that ulen is at least sizeof(struct udphdr) in any case.
> 
> 
> I think we should check for ulen < sizeof(struct udphdr) in any case.
> 
> 
> ​I think previously, the checks in ip6_input(), IP6_EXTHDR_CHECK(), and plen == ulen made this unnecessary. I think we'd want to do it for UDP-Lite if ulen was not initially zero.
But IP6_EXTHDR_CHECK doesn't check any fields in the packet. So it can happen that plen == ulen and ulen < sizeof(struct udphdr)...

Best regards
Michael
> ​[1]  - http://tools.ietf.org/html/rfc6935​
>  
> Opinions?
> 
> Best regards
> Michael
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>

More information about the freebsd-net mailing list